CVE-2023-39678 in OLT P3310D-2AC
Summary
by MITRE • 08/29/2023
A cross-site scripting (XSS) vulnerability in the device web interface (Log Query page) of BDCOM OLT P3310D-2AC 10.1.0F Build 69083 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 01/25/2026
The vulnerability identified as CVE-2023-39678 represents a critical cross-site scripting flaw within the web interface of BDCOM OLT P3310D-2AC network equipment running firmware version 10.1.0F Build 69083. This security weakness resides specifically within the Log Query page functionality of the device's web management interface, creating an exploitable entry point for malicious actors seeking to compromise the system. The vulnerability stems from insufficient input validation and output encoding mechanisms that fail to properly sanitize user-supplied data before rendering it within the web interface context.
The technical exploitation of this XSS vulnerability occurs through manipulation of the username parameter, which serves as the primary injection vector for malicious payloads. When an attacker crafts a specially designed payload and submits it through the username field, the vulnerable web interface fails to adequately sanitize or escape the input before displaying it in the log query results. This allows the malicious script to execute within the context of a victim's browser session, potentially enabling attackers to perform unauthorized actions on behalf of legitimate users. The vulnerability manifests as a classic reflected XSS attack pattern where the malicious code is reflected back to the user through the device's web interface response.
The operational impact of this vulnerability extends beyond simple script execution, as it provides attackers with potential access to sensitive administrative functions and system information. An attacker could leverage this vulnerability to steal session cookies, redirect users to malicious websites, inject malware, or escalate privileges within the device's management interface. The compromised device could serve as a stepping stone for broader network infiltration, particularly in environments where network administrators rely on the web interface for routine maintenance and monitoring tasks. The vulnerability's presence in a core network infrastructure device significantly increases the potential attack surface and risk exposure for organizations utilizing this equipment.
Security professionals should implement immediate mitigations including input validation and output encoding controls to prevent unauthorized script execution within the web interface. The most effective approach involves implementing strict sanitization of all user inputs, particularly those used in dynamic content generation within web pages. Organizations should also consider implementing content security policies that restrict script execution within the device's web interface and ensure proper authentication controls are in place to limit access to privileged functions. Additionally, network segmentation and monitoring solutions should be deployed to detect anomalous behavior patterns that might indicate exploitation attempts. This vulnerability aligns with CWE-79 which specifically addresses cross-site scripting flaws, and represents a significant concern under ATT&CK technique T1059.007 for script execution within web applications. Regular firmware updates and security assessments should be conducted to address similar vulnerabilities that may exist in network infrastructure components and to maintain robust defensive postures against evolving threat landscapes.