CVE-2023-49260: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Hongdian H8951-4G-ESP

Severity: Medium
Type: Vulnerability
Tags: CVE-2023-49260, cve, cve-2023-49260, cwe-79
Published: Fri Jan 12 2024 (01/12/2024, 14:25:17 UTC)
Source: CVE Database V5
Vendor/Project: Hongdian
Product: H8951-4G-ESP

Description

An XSS attack can be performed by changing the MOTD banner and pointing the victim to the "terminal_tool.cgi" path. It can be used together with the vulnerability CVE-2023-49255.

AI-Powered Analysis

Last updated: 07/04/2025, 16:43:09 UTC

Technical Analysis

CVE-2023-49260 is a medium-severity Cross-Site Scripting (XSS) vulnerability affecting the Hongdian H8951-4G-ESP device. The vulnerability arises due to improper neutralization of input during web page generation, specifically in the handling of the Message of the Day (MOTD) banner. An attacker can exploit this flaw by modifying the MOTD banner content and then directing a victim to the vulnerable "terminal_tool.cgi" path on the device's web interface. This crafted input is not properly sanitized, allowing malicious scripts to be executed in the context of the victim's browser session. The vulnerability is notable for its potential to be chained with another vulnerability, CVE-2023-49255, which may amplify the attack's impact or ease of exploitation. According to the CVSS v3.1 vector (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N), the attack can be launched remotely over the network without requiring privileges, but it does require user interaction (the victim must visit a malicious link). The vulnerability impacts confidentiality and integrity by potentially exposing sensitive information or enabling unauthorized actions within the victim's session, but it does not affect availability. No patches have been published yet, and there are no known exploits in the wild at this time. The affected product, Hongdian H8951-4G-ESP, is a specialized 4G communication device, likely used in industrial or telecommunication contexts.

Potential Impact

For European organizations, especially those in critical infrastructure sectors such as telecommunications, utilities, or industrial control systems, this vulnerability poses a risk of targeted attacks that could lead to session hijacking, theft of sensitive information, or unauthorized command execution within the device's management interface. Since the device is network-accessible and the attack vector requires only user interaction, phishing or social engineering campaigns could be used to trick employees or administrators into visiting malicious URLs. The chained exploitation potential with CVE-2023-49255 could further increase the severity, possibly enabling privilege escalation or broader system compromise. Confidentiality breaches could expose operational data or credentials, while integrity impacts could allow attackers to alter device configurations or logs, undermining trust and operational stability. Although availability is not directly impacted, the indirect effects of compromised device integrity could disrupt services. The lack of available patches means organizations must rely on mitigation and monitoring until fixes are released.

Mitigation Recommendations

1. Restrict access to the web management interface of the Hongdian H8951-4G-ESP devices to trusted networks only, using network segmentation and firewall rules to minimize exposure.
2. Implement strict input validation and output encoding on the device's web interface where possible, or request vendor-provided patches or firmware updates as soon as they become available.
3. Educate users and administrators about the risks of phishing and social engineering attacks that could lead to visiting malicious URLs, emphasizing caution with unexpected links related to device management.
4. Monitor network traffic and device logs for unusual access patterns or attempts to access the "terminal_tool.cgi" path with suspicious parameters.
5. Employ Web Application Firewalls (WAFs) or Intrusion Detection/Prevention Systems (IDS/IPS) capable of detecting and blocking XSS attack payloads targeting known vulnerable endpoints.
6. If feasible, disable or restrict the MOTD banner modification functionality or the vulnerable CGI endpoint until a patch is available.
7. Coordinate with the vendor Hongdian for timely updates and verify firmware integrity regularly to detect unauthorized changes.
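One way to implement the monitoring in recommendation 4 is to review access logs for requests to "terminal_tool.cgi" that arrive from outside the management network or by following a link from another site. This is an added example, not from the original record: it assumes a reverse proxy in front of the device writing combined-format access logs, and the management subnet, device address and log lines are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

MGMT_NET = ipaddress.ip_network("192.0.2.0/28")  # assumed admin subnet
DEVICE_HOSTS = {"192.0.2.1"}                     # assumed device address seen in Referer
WATCHED = "/terminal_tool.cgi"                   # endpoint named in the CVE description

# Combined log format: client, identity, user, [time], "request", status, size, "referer"
LINE = re.compile(
    r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)"')

# Constructed sample log lines (documentation address ranges only).
SAMPLE_LOG = """\
192.0.2.5 - admin [12/Jan/2024:14:30:01 +0000] "GET /terminal_tool.cgi HTTP/1.1" 200 512 "http://192.0.2.1/" "Mozilla/5.0"
192.0.2.7 - admin [12/Jan/2024:14:41:17 +0000] "GET /terminal_tool.cgi HTTP/1.1" 200 512 "https://mail.example.net/inbox" "Mozilla/5.0"
198.51.100.23 - - [12/Jan/2024:15:02:44 +0000] "GET /terminal_tool.cgi HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.5 - admin [12/Jan/2024:15:10:09 +0000] "GET / HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

def review(log_text):
    """Return (timestamp, client, reasons) for suspicious hits on the watched path."""
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # unparseable lines are skipped, not treated as clean
        client, ts, _method, target, _status, referer = m.groups()
        if not urlsplit(target).path.endswith(WATCHED):
            continue
        reasons = []
        if ipaddress.ip_address(client) not in MGMT_NET:
            reasons.append("client outside management subnet")
        ref_host = urlsplit(referer).hostname if referer != "-" else None
        if ref_host and ref_host not in DEVICE_HOSTS:
            # The victim was sent here from another site, as the description outlines.
            reasons.append("cross-site referer: " + ref_host)
        if reasons:
            findings.append((ts, client, reasons))
    return findings

if __name__ == "__main__":
    for ts, client, reasons in review(SAMPLE_LOG):
        print(ts, client, "; ".join(reasons))
```

A missing Referer is not flagged on its own because typed or bookmarked URLs also send none, so the source-address check carries those cases.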

Technical Details

Data Version: 5.1
Assigner Short Name: CERT-PL
Date Reserved: 2023-11-24T11:53:46.294Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 683f034a182aa0cae27e65fa

Added to database: 6/3/2025, 2:14:34 PM

Last enriched: 7/4/2025, 4:43:09 PM

Last updated: 8/15/2025, 12:31:26 PM
