CVE-2024-8693
CVSS 3.1 Score 2.4 of 10 (low)
Details
Summary
CVE-2024-8693 is a cross-site scripting (XSS) vulnerability in the Kaon CG3000 version 1.01.43, specifically in the dhcpcd Command Handler component. It can be exploited remotely by manipulating the argument -h with malicious input, such as alert('XSS'). Affected products include those categorized under ygwTCO. The vendor has not responded to disclosure efforts regarding this issue. The issue is rated low severity, with an exploitability score of 0.9; an attack requires high privileges and user interaction. Organizations should remediate this vulnerability by validating and sanitizing inputs to prevent script injection through web interfaces.