Vulnerabilites related to sitecom - wlx-2006_firmware
CVE-2024-40112 (GCVE-0-2024-40112)
Vulnerability from cvelistv5
Published
2025-06-02 00:00
Modified
2025-06-02 19:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A Local File Inclusion (LFI) vulnerability exists in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before, which allows an attacker to manipulate the "language" cookie to include arbitrary files from the server. This vulnerability can be exploited to disclose sensitive information.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-40112",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-02T19:00:11.004208Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-98",
"description": "CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T19:04:00.383Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Local File Inclusion (LFI) vulnerability exists in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before, which allows an attacker to manipulate the \"language\" cookie to include arbitrary files from the server. This vulnerability can be exploited to disclose sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T15:16:20.792Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://www.sitecomlearningcentre.com/products/wlx-2006v1001/wi-fi-range-extender-n300/downloads"
},
{
"url": "https://github.com/Emm448/vulnerability-research/tree/main/CVE-2024-40112"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-40112",
"datePublished": "2025-06-02T00:00:00.000Z",
"dateReserved": "2024-07-05T00:00:00.000Z",
"dateUpdated": "2025-06-02T19:04:00.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-40114 (GCVE-0-2024-40114)
Vulnerability from cvelistv5
Published
2025-06-02 00:00
Modified
2025-06-02 19:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A Cross Site Scripting (XSS) vulnerability in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before allows an attacker to manipulate the language cookie to inject malicious JavaScript code.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-40114",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-02T19:39:21.263011Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T19:39:28.932Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cross Site Scripting (XSS) vulnerability in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before allows an attacker to manipulate the language cookie to inject malicious JavaScript code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T15:19:00.415Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://www.sitecomlearningcentre.com/products/wlx-2006v1001/wi-fi-range-extender-n300/downloads"
},
{
"url": "https://github.com/Emm448/vulnerability-research/tree/main/CVE-2024-40114"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-40114",
"datePublished": "2025-06-02T00:00:00.000Z",
"dateReserved": "2024-07-05T00:00:00.000Z",
"dateUpdated": "2025-06-02T19:39:28.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-40113 (GCVE-0-2024-40113)
Vulnerability from cvelistv5
Published
2025-06-02 00:00
Modified
2025-06-02 19:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Sitecom WLX-2006 Wall Mount Range Extender N300 v.1.5 and before is vulnerable to Use of Default Credentials.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-40113",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-02T19:29:24.258903Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1392",
"description": "CWE-1392 Use of Default Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T19:34:57.553Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sitecom WLX-2006 Wall Mount Range Extender N300 v.1.5 and before is vulnerable to Use of Default Credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T15:18:11.203Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://www.sitecomlearningcentre.com/products/wlx-2006v1001/wi-fi-range-extender-n300/downloads"
},
{
"url": "https://github.com/Emm448/vulnerability-research/tree/main/CVE-2024-40113"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-40113",
"datePublished": "2025-06-02T00:00:00.000Z",
"dateReserved": "2024-07-05T00:00:00.000Z",
"dateUpdated": "2025-06-02T19:34:57.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2025-06-02 16:15
Modified
2025-06-24 01:00
Severity ?
Summary
Sitecom WLX-2006 Wall Mount Range Extender N300 v.1.5 and before is vulnerable to Use of Default Credentials.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sitecom | wlx-2006_firmware | * | |
| sitecom | wlx-2006 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sitecom:wlx-2006_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1041B225-883C-4ACB-A6B5-07A998BB7645",
"versionEndIncluding": "1.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sitecom:wlx-2006:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4DE8515F-223E-48F8-A875-C8B551D6623C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sitecom WLX-2006 Wall Mount Range Extender N300 v.1.5 and before is vulnerable to Use of Default Credentials."
},
{
"lang": "es",
"value": "Sitecom WLX-2006 Wall Mount Range Extender N300 v.1.5 y anteriores es vulnerable al uso de credenciales predeterminadas."
}
],
"id": "CVE-2024-40113",
"lastModified": "2025-06-24T01:00:53.330",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-06-02T16:15:27.010",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "http://www.sitecomlearningcentre.com/products/wlx-2006v1001/wi-fi-range-extender-n300/downloads"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"Exploit"
],
"url": "https://github.com/Emm448/vulnerability-research/tree/main/CVE-2024-40113"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1392"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-02 16:15
Modified
2025-06-25 19:29
Severity ?
Summary
A Local File Inclusion (LFI) vulnerability exists in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before, which allows an attacker to manipulate the "language" cookie to include arbitrary files from the server. This vulnerability can be exploited to disclose sensitive information.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.sitecomlearningcentre.com/products/wlx-2006v1001/wi-fi-range-extender-n300/downloads | Broken Link | |
| cve@mitre.org | https://github.com/Emm448/vulnerability-research/tree/main/CVE-2024-40112 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sitecom | wlx-2006_firmware | * | |
| sitecom | wlx-2006 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sitecom:wlx-2006_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1041B225-883C-4ACB-A6B5-07A998BB7645",
"versionEndIncluding": "1.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sitecom:wlx-2006:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4DE8515F-223E-48F8-A875-C8B551D6623C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Local File Inclusion (LFI) vulnerability exists in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before, which allows an attacker to manipulate the \"language\" cookie to include arbitrary files from the server. This vulnerability can be exploited to disclose sensitive information."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inclusi\u00f3n de archivos locales (LFI) en Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 y versiones anteriores, que permite a un atacante manipular la cookie de idioma para incluir archivos arbitrarios del servidor. Esta vulnerabilidad puede explotarse para divulgar informaci\u00f3n confidencial."
}
],
"id": "CVE-2024-40112",
"lastModified": "2025-06-25T19:29:17.833",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 3.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-06-02T16:15:26.880",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.sitecomlearningcentre.com/products/wlx-2006v1001/wi-fi-range-extender-n300/downloads"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Emm448/vulnerability-research/tree/main/CVE-2024-40112"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-98"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-02 16:15
Modified
2025-06-24 00:59
Severity ?
Summary
A Cross Site Scripting (XSS) vulnerability in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before allows an attacker to manipulate the language cookie to inject malicious JavaScript code.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sitecom | wlx-2006_firmware | * | |
| sitecom | wlx-2006 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sitecom:wlx-2006_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1041B225-883C-4ACB-A6B5-07A998BB7645",
"versionEndIncluding": "1.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sitecom:wlx-2006:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4DE8515F-223E-48F8-A875-C8B551D6623C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Cross Site Scripting (XSS) vulnerability in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before allows an attacker to manipulate the language cookie to inject malicious JavaScript code."
},
{
"lang": "es",
"value": "Una vulnerabilidad de cross-site-scripting (XSS) en Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 y anteriores permite a un atacante manipular la cookie de idioma para inyectar c\u00f3digo JavaScript malicioso."
}
],
"id": "CVE-2024-40114",
"lastModified": "2025-06-24T00:59:48.440",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-06-02T16:15:27.127",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "http://www.sitecomlearningcentre.com/products/wlx-2006v1001/wi-fi-range-extender-n300/downloads"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Emm448/vulnerability-research/tree/main/CVE-2024-40114"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}