CVE-2024-28091 is a stored cross-site scripting (XSS) vulnerability identified in Technicolor TC8715D and TC8717T router devices, specifically within the User Defined Service functionality accessible via the managed_services_add.asp web interface. The vulnerability arises because the application improperly sanitizes user input, allowing an attacker within Wi-Fi proximity to inject malicious JavaScript code that is stored on the device. When a legitimate user accesses the affected page and clicks the 'X' button to delete a service, the stored script executes in their browser context. This stored XSS attack vector can lead to client-side attacks such as session hijacking, credential theft, or unauthorized actions performed on behalf of the victim. The vulnerability does not require any authentication or elevated privileges, but it does require the victim's interaction (clicking the deletion 'X'). The CVSS 3.1 score of 6.1 reflects a medium severity, with network attack vector, low attack complexity, no privileges required, user interaction required, and a scope change indicating that the vulnerability affects components beyond the vulnerable device itself. No patches or official mitigations have been released at the time of publication, and no known exploits have been observed in the wild. The vulnerability is categorized under CWE-79 (Improper Neutralization of Input During Web Page Generation), a common web application security flaw.

The primary impact of CVE-2024-28091 is on the confidentiality and integrity of users interacting with the affected router's web interface. An attacker within Wi-Fi range can inject malicious scripts that execute in the context of the victim's browser, potentially stealing session cookies, capturing credentials, or performing unauthorized actions on the router's management interface. This can lead to further compromise of the device or network if attackers leverage stolen credentials or session tokens. The requirement for user interaction (clicking the deletion 'X') limits the ease of exploitation but does not eliminate risk, especially in environments with untrusted or public Wi-Fi access. The vulnerability does not directly affect availability but could be a stepping stone for more severe attacks. Organizations relying on these Technicolor devices, particularly in residential, small office, or ISP-provided environments, may face increased risk of targeted attacks or lateral movement within local networks. The lack of patches increases exposure duration, and attackers could develop exploits if the vulnerability becomes widely known.

To mitigate CVE-2024-28091, organizations and users should first restrict physical and Wi-Fi access to trusted individuals to reduce the attack surface. Network segmentation and strong Wi-Fi encryption (WPA3 or WPA2 with strong passwords) can limit attacker proximity. Administrators should monitor for firmware updates or security advisories from Technicolor and apply patches promptly once available. In the interim, disabling or restricting access to the User Defined Service feature or the affected managed_services_add.asp page, if possible, can reduce risk. Employing web application firewalls (WAFs) or intrusion detection systems (IDS) that can detect and block XSS payloads may provide additional protection. Educating users about the risks of clicking unexpected interface elements, especially in shared environments, can help prevent exploitation. Finally, auditing router configurations and logs for suspicious activity can aid in early detection of exploitation attempts.