CVE-2024-44573 is a stored cross-site scripting (XSS) vulnerability identified in the VLAN configuration component of RELY-PCIe devices, specifically affecting firmware versions from v22.2.1 up to v23.1.0. Stored XSS occurs when malicious scripts injected by an attacker are permanently saved by the web application and executed when a user accesses the affected page. In this case, an attacker can craft a payload containing malicious JavaScript or HTML and inject it into the VLAN configuration interface. When an administrator or user accesses this interface, the malicious script executes in their browser context, potentially allowing session hijacking, unauthorized actions, or redirection to malicious sites. The vulnerability requires no authentication or privileges to inject the payload, but user interaction is necessary to trigger the script execution. The CVSS 3.1 base score of 4.7 reflects a medium severity, with network attack vector, low attack complexity, no privileges required, but user interaction needed. The scope is changed (S:C), indicating the vulnerability affects components beyond the vulnerable code itself, and the impact is limited to integrity (I:L) without confidentiality or availability impact. No known exploits have been reported in the wild, and no official patches have been released at the time of publication. The vulnerability is classified under CWE-79, which covers improper neutralization of input during web page generation. RELY-PCIe devices are typically used in network infrastructure, so exploitation could impact network management and security.

The primary impact of CVE-2024-44573 is on the integrity of the web management interface of RELY-PCIe devices. Successful exploitation could allow attackers to execute arbitrary scripts in the context of an administrator’s browser session, potentially leading to session hijacking, unauthorized configuration changes, or redirection to malicious websites. Although confidentiality and availability are not directly affected, the compromise of device management interfaces can indirectly lead to broader network security risks. Organizations relying on RELY-PCIe hardware for VLAN management could face increased risk of targeted attacks, especially if the management interface is exposed to untrusted networks or insufficiently protected. The requirement for user interaction and the absence of known exploits reduce the immediacy of the threat, but the vulnerability remains a significant risk in environments with lax access controls. This could be particularly impactful in sectors where network segmentation and VLAN configurations are critical for security, such as telecommunications, finance, and critical infrastructure.

1. Restrict access to the RELY-PCIe device management interface to trusted networks only, using network segmentation and firewall rules to prevent exposure to untrusted or public networks. 2. Implement strong authentication and session management controls to reduce the risk of session hijacking if XSS is exploited. 3. Monitor and audit VLAN configuration changes and web interface access logs for suspicious activity that could indicate exploitation attempts. 4. Employ web application firewalls (WAFs) or intrusion prevention systems (IPS) capable of detecting and blocking XSS payloads targeting the device’s web interface. 5. Until an official patch is released, consider disabling or limiting the VLAN configuration web interface if operationally feasible. 6. Educate administrators about the risks of clicking on untrusted links or opening suspicious content while logged into device management consoles. 7. Validate and sanitize all user inputs on the VLAN configuration interface in future firmware updates to prevent injection of malicious scripts. 8. Stay informed about vendor advisories and apply patches promptly once available.