Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-40112

A Local File Inclusion (LFI) vulnerability exists in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before, which allows an attacker to manipulate the "language" cookie to include arbitrary files from the server. This vulnerability can be exploited to disclose sensitive information.

Published

2025-06-02T16:15:26.880

Last Modified

2025-06-25T19:29:17.833

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.9 (MEDIUM)

Weaknesses

Type: Secondary
CWE-98

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	sitecom	wlx-2006_firmware	≤ 1.5	Yes
Hardware	sitecom	wlx-2006	-	No

References

http://www.sitecomlearningcentre.com/products/wlx-2006v1001/wi-fi-range-extender-n300/downloads Broken Link ([email protected])
https://github.com/Emm448/vulnerability-research/tree/main/CVE-2024-40112 Exploit, Third Party Advisory ([email protected])