CVE-2024-28092 identifies a stored cross-site scripting (XSS) vulnerability in the UBEE DDW365 XCNDDW365 router firmware version 8.14.3105 on hardware version 3.13.1. This vulnerability arises from insufficient input sanitization on multiple configuration web interface pages, including RgFirewallEL.asp, RgDdns.asp, RgTime.asp, RgDiagnostics.asp, and RgParentalBasic.asp. Attackers within Wi-Fi proximity can remotely inject malicious JavaScript code into various input fields such as SMTP Server Name, SMTP Username, Host Name, Time Server entries, and domain-related fields. Because the vulnerability is stored XSS, the malicious payload persists in the router’s configuration and executes whenever an administrator or user accesses the affected pages. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N) indicates that the attack requires no privileges or user interaction, has low attack complexity, and affects confidentiality and integrity with a scope change, but does not impact availability. Exploiting this vulnerability could allow attackers to steal sensitive information from the router’s web interface, manipulate configurations, or perform further attacks such as session hijacking or pivoting into the internal network. No patches or fixes are currently listed, and no known exploits have been reported in the wild. The vulnerability is classified under CWE-79, a common and dangerous web security flaw.

The primary impact of CVE-2024-28092 is the compromise of router web interface confidentiality and integrity. Attackers can inject persistent malicious scripts that execute in the context of the router’s administrative interface, potentially stealing credentials, session tokens, or sensitive configuration data. This could lead to unauthorized changes in firewall rules, DNS settings, or parental controls, undermining network security. Since the attack requires only Wi-Fi proximity, it poses a significant risk in environments with open or poorly secured wireless networks, such as public Wi-Fi hotspots, apartment complexes, or corporate guest networks. The scope change in the CVSS vector suggests that the vulnerability could affect components beyond the initial vulnerable interface, possibly impacting other network devices or connected systems. Organizations relying on these routers for internet access or network perimeter security could face increased risk of lateral movement by attackers, data leakage, or service disruption through indirect means. The lack of known exploits in the wild reduces immediate risk but does not diminish the potential for future targeted attacks.

To mitigate CVE-2024-28092, organizations should first verify if their network uses UBEE DDW365 XCNDDW365 routers with the affected firmware and hardware versions. Since no official patches are currently available, immediate mitigation includes restricting physical and wireless access to the router’s management interface by: 1) Disabling remote management over Wi-Fi and restricting access to trusted wired networks only. 2) Enforcing strong Wi-Fi encryption (WPA3 or WPA2 with strong passwords) to limit attacker proximity. 3) Changing default router credentials to strong, unique passwords to prevent unauthorized login. 4) Regularly monitoring router logs and configuration for suspicious changes or unexpected entries in the affected fields. 5) If possible, replacing vulnerable routers with models from vendors that provide timely security updates. 6) Employing network segmentation to isolate critical systems from devices managed by vulnerable routers. 7) Educating network administrators about the risks of stored XSS and safe configuration practices. These steps reduce the attack surface and limit the ability of attackers to exploit the vulnerability until a firmware update or patch is released by the vendor.