CVE-2024-31971 identifies multiple stored cross-site scripting (XSS) vulnerabilities in the web management interface of AdTran NetVanta 3120 devices running firmware version 18.01.01.00.E. Stored XSS occurs when malicious JavaScript code is injected and permanently stored on the target device, later executed in the context of an administrator’s browser session. The affected endpoints include several HTML pages responsible for device configuration and monitoring, such as /mainPassword.html, /processIdentity.html, and /dhcp.html, among others. An attacker can remotely send crafted requests to inject JavaScript payloads that will execute when an authenticated user accesses these pages. This can lead to session hijacking, theft of administrative credentials, or unauthorized configuration changes, compromising the confidentiality and integrity of the device and its network environment. The vulnerability requires no authentication to inject the payload but does require the victim to interact with the malicious content, such as clicking a link or visiting a compromised page. The CVSS 3.1 score of 6.1 reflects a network attack vector with low complexity and no privileges required, but user interaction is necessary, and the impact on availability is none. No patches or official remediation guidance have been published at the time of disclosure, and no exploits are known to be active in the wild. The vulnerability is tracked under CWE-79, which covers improper neutralization of input leading to XSS attacks.

The primary impact of CVE-2024-31971 is on the confidentiality and integrity of the affected AdTran NetVanta 3120 devices. Successful exploitation allows attackers to execute arbitrary JavaScript in the context of an administrator’s browser session, potentially leading to session hijacking, credential theft, and unauthorized device configuration changes. This can compromise the security posture of the network managed by these devices, enabling further lateral movement or persistent access. Although availability is not directly affected, the indirect consequences of unauthorized configuration changes could disrupt network operations. Organizations relying on these devices for critical network infrastructure, especially in enterprise or service provider environments, face increased risk of targeted attacks. The absence of known exploits reduces immediate risk but also means attackers may develop exploits in the future. The medium severity rating indicates a significant but not critical threat, emphasizing the need for timely mitigation to prevent exploitation.

To mitigate CVE-2024-31971, organizations should first restrict access to the web management interface of AdTran NetVanta 3120 devices to trusted networks and administrators only, ideally via VPN or isolated management VLANs. Implement strict input validation and sanitization on all user-supplied data fields within the device’s web interface, if possible through firmware updates or configuration changes. Monitor administrative access logs for unusual activity or repeated access to the vulnerable pages. Employ web application firewalls (WAFs) or intrusion detection systems (IDS) to detect and block malicious payloads targeting these endpoints. Educate administrators to avoid clicking on suspicious links or visiting untrusted pages while logged into the device management interface. Regularly check for firmware updates or security advisories from AdTran and apply patches promptly once available. If no patch is available, consider temporary compensating controls such as disabling the vulnerable web interface features or using alternative management methods like SSH or SNMP with strong authentication.