CVE-2024-0554 MEDIUM

CVE-2024-0554: Cross-site scripting (XSS) vulnerability on WIC1200

Vendor Full Compass Systems
Product WIC1200
Weakness CWE-79 · XSS
Published January 16, 2024
Last update June 2, 2025

CVSS base score

5.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A Cross-site scripting (XSS) vulnerability has been found on WIC1200, affecting version 1.1. An authenticated user could store a malicious javascript payload in the device model parameter via '/setup/diags_ir_learn.asp', allowing the attacker to retrieve the session details of another user.

Key dates

02Disclosure timeline

January 16, 2024 CVE published
June 2, 2025 Record updated