VYPR

CODA-4582

by Hitron

CVEs (4)

  • CVE-2024-25730CriFeb 23, 2024
    risk 0.64cvss 9.8epss 0.01

    Hitron CODA-4582 and CODA-4589 devices have default PSKs that are generated from 5-digit hex values concatenated with a "Hitron" substring, resulting in insufficient entropy (only about one million possibilities).

  • CVE-2020-8824MedFeb 19, 2020
    risk 0.35cvss 5.4epss 0.01

    Hitron CODA-4582U 7.1.1.30 devices allow XSS via a Managed Device name on the Wireless > Access Control > Add Managed Device screen.

  • CVE-2024-31973MedOct 30, 2024
    risk 0.34cvss 5.2epss 0.00

    Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via the 'Network Name (SSID)' input fields to the /index.html#wireless_basic page.

  • CVE-2024-28089MedMar 9, 2024
    risk 0.34cvss 5.2epss 0.01

    Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote attacker within Wi-Fi proximity (who has access to the router admin panel) to conduct a DOM-based stored XSS attack that can fetch remote resources. The payload is executed at index.html#advanced_location (aka…