CVE-2024-3125

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Apr 1, 2024

Updated: May 17, 2024

CWE ID 79

Summary

CVE-2024-3125 is a newly disclosed cross-site scripting vulnerability affecting the Alert Setup Page component of Zebra ZTC GK420d 1.0. The issue lies in the unknown code of the /settings file and can be triggered by manipulating the Address argument. This vulnerability enables remote attackers to inject malicious scripts, posing a significant security risk. Despite early disclosure to the vendor, there has been no response or patch released. This vulnerability has been assigned identifier VDB-258868.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vKAeJr
https://www.cve.org/CVERecord?id=CVE-2024-3125
https://nvd.nist.gov/vuln/detail/CVE-2024-3125

Back to Vulnerability Database

CVE-2024-3125

CVSS 3.1 Score 7.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations