CVE-2024-8693

CVSS 3.1 Score 2.4 of 10 (low)

Details

Published Sep 11, 2024
Updated: Sep 12, 2024
CWE ID 79

Summary

CVE-2024-8693 identifies a cross-site scripting (XSS) vulnerability in Kaon CG3000 version 1.01.43, specifically within the dhcpcd Command Handler component. The vulnerability can be exploited remotely by manipulating the argument -h with malicious input, such as alert('XSS'). Affected products include those categorized under ygwTCO. The vendor has not responded to disclosure efforts regarding this issue. The issue is rated low severity, with an exploitability score of 0.9; an attack requires high privileges and user interaction. Organizations should remediate this vulnerability by validating and sanitizing inputs to prevent script injection through web interfaces.
