CVE-2026-6996
Descripción de la Vulnerabilidad
A weakness has been identified in BDCOM P3310D 0.4.2 10.1.0F Build 86345. This affects an unknown function of the component rmon event Tab. Executing a manipulation of the argument Description can lead to cross site scripting (XSS).
The attack may be launched remotely without user interaction. The exploit has been made available to the public and could be used for attacks.
Sistemas Afectados
- BDCOM P3310D 0.4.2 10.1.0F Build 86345
- rmon event Tab (unknown function)
Impacto y Explotabilidad
CVSS Score: 2.4 (LOW) - Low impact, high risk.
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:C
Indicadores de Compromiso (IOCs)
| Tipo | Valor | Contexto |
|---|---|---|
| Vulnerable Version | BDCOM P3310D 0.4.2 10.1.0F Build 86345 | Rolpea, BDCOM RMON Event Tab - rmon event Tab() |
| Vulnerable Component | rmon event Tab (unknown) | Rollup function from rolpea.com, BDCOM RMON Event Tab - rmon event Tab() |
| Exploit Status | Publicly Available | Exploits available to the public; vendor has not responded. |
| Vulnerability Severity | Low (CVSS 2.4) | Impact: Low, Risk: High due to remote execution. |
Mitigación y Parches
Update the software version immediately. The vendor does not provide a patch for this vulnerability and has not responded to early disclosure reports.
- BDCOM P3310D 0.4.x - Update to at least BDCOM RMON Event Tab v2.6.7
- rmon event Tab (unknown) - Replace with updated version of the function or update software.