Login Sign Up

CVE-2024-55546

5.4 MEDIUM
Cross-Site Scripting

📋 TL;DR

Missing input validation in the ORing IAP-420 web interface allows attackers to inject malicious scripts that persist in the system (stored XSS). This affects IAP-420 version 2.01e and below, potentially compromising users who access the web interface.

💻 Affected Systems

Products:
  • ORing IAP-420
Versions: 2.01e and below
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All configurations with web interface enabled are vulnerable. The device is typically deployed as a wireless access point.

📦 What is this software?

Iap 420 Firmware by Oringnet

View all CVEs affecting Iap 420 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker steals administrator credentials, takes full control of the device, and uses it as a foothold to attack other network systems.

🟠

Likely Case

Attacker steals session cookies or credentials from authenticated users, leading to unauthorized access to the device configuration.

🟢

If Mitigated

If proper network segmentation and access controls are in place, impact is limited to the device itself with no lateral movement.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authentication to the web interface. Public proof-of-concept exists in the referenced disclosures.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version after 2.01e (check vendor for specific fixed version)

Vendor Advisory: Not provided in references

Restart Required: Yes

Instructions:

1. Download latest firmware from ORing support portal. 2. Backup current configuration. 3. Upload firmware via web interface. 4. Reboot device. 5. Restore configuration if needed.

🔧 Temporary Workarounds

Disable web interface

all

Disable the vulnerable web interface if not required for operations

Use CLI: configure terminal
no web-server enable

Restrict web interface access

linux

Limit access to web interface using firewall rules to trusted IPs only

iptables -A INPUT -p tcp --dport 80 -s trusted_ip -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -s trusted_ip -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate IAP-420 from critical systems
  • Deploy web application firewall (WAF) with XSS protection rules in front of the device

🔍 How to Verify

Check if Vulnerable:

Check firmware version via web interface: System > System Information > Firmware Version

Check Version:

curl -k https://device-ip/system_info | grep Firmware

Verify Fix Applied:

Verify firmware version is above 2.01e and test XSS payload injection in input fields

📡 Detection & Monitoring

Log Indicators:

  • Unusual long strings in web interface input fields
  • Multiple failed login attempts followed by successful login

Network Indicators:

  • Unusual outbound connections from IAP-420 device
  • HTTP requests with suspicious script tags in parameters

SIEM Query:

source="IAP-420" AND (url="*<script>*" OR method=POST AND size>1000)

📊 Metadata

CVE ID: CVE-2024-55546
CVSS v3 Score: 5.4 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CWE: CWE-79
Published: December 10, 2024
Last Updated: November 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-55546, you might also want to check these:

CVE-2021-39199 10.0

CVE-2021-39199 is a critical cross-site scripting (XSS) vulnerability in the remark-html Node.js lib...

Same vulnerability type (CWE-79)
CVE-2021-32671 10.0

This vulnerability in Flarum forum software allows attackers to inject malicious HTML/JavaScript int...

Same vulnerability type (CWE-79)
CVE-2021-32798 10.0

CVE-2021-32798 is a critical vulnerability in Jupyter Notebook that allows malicious notebook files ...

Same vulnerability type (CWE-79)