CVE-2024-8693 in CG3000
Summary
by MITRE • 09/11/2024
A vulnerability, which was classified as problematic, has been found in Kaon CG3000 1.01.43. Affected by this issue is some unknown functionality of the component dhcpcd Command Handler. The manipulation of the argument -h with the input alert('XSS') leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 05/20/2026
This vulnerability resides within the Kaon CG3000 1.01.43 device, specifically affecting the dhcpcd Command Handler component that manages dynamic host configuration protocol client operations. The flaw manifests when the argument -h is manipulated with the payload alert('XSS'), creating a cross-site scripting condition that allows arbitrary code execution within the context of the affected application. The vulnerability's classification as problematic indicates a significant security risk that could compromise user sessions and potentially lead to full system compromise. This issue represents a critical flaw in the device's input validation mechanisms, where user-supplied parameters are not properly sanitized before being processed by the command handler.
The technical exploitation of this vulnerability occurs through remote manipulation of the dhcpcd Command Handler component, which accepts command-line arguments without adequate sanitization or validation. When an attacker supplies the malicious argument -h with the alert('XSS') payload, the system processes this input directly without proper encoding or filtering, resulting in the execution of malicious javascript code within the victim's browser context. This type of vulnerability aligns with CWE-79, which specifically addresses cross-site scripting flaws in web applications and network devices. The attack vector is particularly concerning as it requires no authentication or local access, making it accessible to any remote attacker who can interact with the device's network interface.
The operational impact of this vulnerability extends beyond simple script execution, as it could enable attackers to perform session hijacking, steal sensitive information, or even gain unauthorized access to the device's administrative functions. The fact that this exploit has been publicly disclosed and is available for use significantly increases the risk profile, as it eliminates the need for sophisticated exploitation techniques and allows even less skilled attackers to leverage the vulnerability. Network administrators face the challenge of securing devices that may be accessible from untrusted networks, particularly in environments where the CG3000 devices are exposed to external traffic or where multiple users may have access to the device's configuration interfaces. The lack of vendor response to early disclosure attempts compounds the problem, leaving users without official patches or mitigations to address the vulnerability.
Organizations should immediately implement network segmentation to isolate these devices from untrusted networks and establish monitoring protocols to detect potential exploitation attempts. The recommended mitigations include implementing proper input validation and output encoding mechanisms within the dhcpcd Command Handler component, as well as applying network-level restrictions that prevent unauthorized access to the device's command interfaces. Additionally, organizations should consider implementing web application firewalls or similar protections to detect and block malicious payloads targeting this specific vulnerability. The ATT&CK framework categorizes this as a web application attack vector, specifically involving command injection and client-side code execution techniques that could lead to privilege escalation and persistent access within the affected network environment.