CVE-2024-28092

7.2 HIGH

📋 TL;DR

This vulnerability allows remote attackers within Wi-Fi range to inject malicious scripts into multiple administrative web pages of UBEE DDW365 routers. When administrators view these pages, the scripts execute in their browser, potentially compromising the router's configuration. This affects UBEE DDW365 routers running software version 8.14.3105 on hardware version 3.13.1.

💻 Affected Systems

Products:
  • UBEE DDW365 XCNDDW365
Versions: Software version 8.14.3105
Operating Systems: Router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Hardware version 3.13.1 is affected. The vulnerability exists in multiple administrative web pages (RgFirewallEL.asp, RgDdns.asp, RgTime.asp, RgDiagnostics.asp, RgParentalBasic.asp).

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could steal administrator credentials, reconfigure the router to redirect traffic, disable security features, or gain persistent access to the network.

🟠 Likely Case

Attackers within Wi-Fi range inject malicious scripts that execute when administrators view affected pages, potentially stealing session cookies or modifying router settings.

🟢 If Mitigated

With proper network segmentation and administrative access controls, impact is limited to the router's web interface without broader network compromise.

🌐 Internet-Facing: LOW (requires attacker to be within Wi-Fi proximity, not directly internet-accessible)
🏢 Internal Only: HIGH (attackers on the local network can exploit this without authentication)

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires attacker to be within Wi-Fi range but no authentication is needed. Multiple input fields are vulnerable across several administrative pages.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Check UBEE website for firmware updates. If update is available:
  1. Log into router admin interface
  2. Navigate to firmware update section
  3. Upload new firmware file
  4. Wait for reboot

🔧 Temporary Workarounds

Disable Wi-Fi Administration

all

Prevent Wi-Fi-based attacks by requiring wired connections for administrative access

Input Validation Rules

all

Implement client-side and server-side input validation for all form fields

🧯 If You Can't Patch

  • Segment the router management interface onto a separate VLAN accessible only to authorized administrators
  • Implement network monitoring for suspicious requests to affected ASP pages

🔍 How to Verify

Check if Vulnerable:

Check router firmware version via admin interface. If version is 8.14.3105 and hardware is 3.13.1, the device is vulnerable.

Check Version:

Log into router web interface and check System Status or About page

Verify Fix Applied:

After firmware update, verify version has changed from 8.14.3105. Test input fields for proper sanitization.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to RgFirewallEL.asp, RgDdns.asp, RgTime.asp, RgDiagnostics.asp, or RgParentalBasic.asp with script tags in parameters

Network Indicators:

  • Multiple requests to administrative pages from unauthorized IPs, especially with encoded script content

SIEM Query:

source="router_logs" AND (uri="*RgFirewallEL.asp*" OR uri="*RgDdns.asp*" OR uri="*RgTime.asp*" OR uri="*RgDiagnostics.asp*" OR uri="*RgParentalBasic.asp*") AND (param="*<script*" OR param="*javascript:*")
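
The query above matches only literal `<script` and `javascript:` strings, so percent-encoded parameter values would not match it. The following is an added example, not part of this advisory or any vendor tooling, that applies the same two indicators after repeated URL decoding. The `src method uri [body]` log line format, the addresses and the parameter names are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Pages named in the advisory (compared case-insensitively).
AFFECTED_PAGES = {"rgfirewallel.asp", "rgddns.asp", "rgtime.asp",
                  "rgdiagnostics.asp", "rgparentalbasic.asp"}
# Same two indicators as the page's SIEM query, applied after decoding.
SCRIPT_PATTERN = re.compile(r"<\s*script|javascript\s*:", re.IGNORECASE)

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup is also seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(uri, body=""):
    """Names of parameters with script-like content sent to an affected page."""
    parts = urlsplit(uri)
    if parts.path.rsplit("/", 1)[-1].lower() not in AFFECTED_PAGES:
        return []
    return [name
            for raw in (parts.query, body)
            for name, value in parse_qsl(raw, keep_blank_values=True)
            if SCRIPT_PATTERN.search(fully_decode(value))]

def scan(lines):
    """Parse 'src method uri [body]' lines; return (src, uri, params) alerts."""
    alerts = []
    for line in lines:
        fields = line.split(" ", 3)
        if len(fields) < 3:
            continue
        params = suspicious_params(fields[2], fields[3] if len(fields) > 3 else "")
        if params:
            alerts.append((fields[0], fields[2], params))
    return alerts

# Constructed sample lines; addresses and parameter names are made up.
SAMPLE_LOG = [
    "192.168.0.23 POST /RgDdns.asp hostname=%3CScRiPt%3Ex%3C%2Fscript%3E&user=a",
    "192.168.0.23 POST /RgTime.asp server=%253Cscript%253Ex",
    "192.168.0.10 POST /RgTime.asp server=pool.ntp.org",
    "192.168.0.23 GET /index.asp?q=%3Cscript%3E",
]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

The mixed-case and double-encoded values are flagged, while the benign NTP setting and the request to a page outside the affected list are not.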
