Description
A vulnerability has been found in Clavister E10 and E80 up to 14.00.10 and classified as problematic. This vulnerability affects unknown code of the file /?Page=Node&OBJ=/System/AdvancedSettings/DeviceSettings/MiscSettings of the component Misc Settings Page. The manipulation of the argument WatchdogTimerTime/BufFloodRebootTime/MaxPipeUsers/AVCache Lifetime/HTTPipeliningMaxReq/Reassembly MaxConnections/Reassembly MaxProcessingMem/ScrSaveTime leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 14.00.11 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-258916.
References (6)
Core 6
Core References
Various Sources patch
https://my.clavister.com/downloads/?sid=1
Permissions Required, VDB Entry vdb-entry
technical-description
https://vuldb.com/?id.258916
Permissions Required, VDB Entry signature
permissions-required
https://vuldb.com/?ctiid.258916
Permissions Required, VDB Entry third-party-advisory
https://vuldb.com/?submit.303451
Various Sources exploit
https://github.com/strik3r0x1/Vulns/blob/main/Clavister_E80-RXSS.md
Various Sources related
https://docs.clavister.com/repo/cos-core-release-notes/doc/index.html#d0e2260
Scores
CVSS v3
2.4
EPSS
0.0019
EPSS Percentile
40.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (22)
Clavister/E10
14.00.0
Clavister/E10
14.00.1
Clavister/E10
14.00.10
Clavister/E10
14.00.2
Clavister/E10
14.00.3
Clavister/E10
14.00.4
Clavister/E10
14.00.5
Clavister/E10
14.00.6
Clavister/E10
14.00.7
Clavister/E10
14.00.8
... and 12 more
Published
Apr 01, 2024
Tracked Since
Feb 18, 2026