CVE-2024-28089 is a DOM-based stored cross-site scripting vulnerability identified in Hitron CODA-4582 2AHKM-CODA4589 routers with firmware version 7.2.4.5.1b8. The vulnerability arises from improper sanitization of user-controllable input on the Device Location page (index.html#advanced_location), allowing an attacker with access to the router's administrative interface over Wi-Fi to inject malicious JavaScript payloads. These payloads execute within the context of the router's web interface, enabling the attacker to fetch remote resources, potentially exfiltrate sensitive information, or disrupt router functionality causing denial of service. The attack vector requires proximity to the Wi-Fi network and access to the admin panel, but no authentication privileges are needed beyond that. The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation). The CVSS v3.1 base score is 5.2 (medium severity), reflecting the requirement for local network access and user interaction, with limited confidentiality and integrity impacts and no direct availability impact. No patches or mitigations have been officially released, and no known exploits are currently in the wild.

This vulnerability can impact organizations by enabling attackers within Wi-Fi range to compromise the integrity and confidentiality of the router's administrative interface. Successful exploitation could lead to information disclosure, such as leakage of configuration details or network information, and denial of service conditions that disrupt network connectivity. For enterprises relying on these routers for critical network infrastructure, this could degrade operational capabilities and expose sensitive data. The requirement for Wi-Fi proximity and admin panel access limits the attack scope to local attackers or insiders, but in environments with weak Wi-Fi security or shared access, the risk increases. Additionally, compromised routers could serve as footholds for further network intrusion or lateral movement. The absence of patches increases exposure duration, necessitating immediate mitigation efforts.

Organizations should immediately restrict access to the router's administrative interface by enforcing strong Wi-Fi security measures such as WPA3 or at minimum WPA2 with strong passwords to prevent unauthorized Wi-Fi access. Disable remote administration features if enabled, and limit admin panel access to trusted devices or network segments using MAC filtering or VLAN segmentation. Regularly monitor router logs and network traffic for unusual activity indicative of exploitation attempts. If possible, replace affected devices with models from vendors that provide timely security updates. Network administrators should also educate users about the risks of accessing router admin panels from untrusted devices or networks. Until an official patch is released, consider deploying web application firewalls or intrusion detection systems capable of detecting and blocking XSS payloads targeting the router's interface.