Low severity (2.4) · NVD Advisory · Published Apr 1, 2024 · Updated Apr 15, 2026

CVE-2024-3125

Description

A vulnerability classified as problematic was found in Zebra ZTC GK420d 1.0. This vulnerability affects unknown code of the file /settings of the component Alert Setup Page. The manipulation of the argument Address leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258868. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Stored Cross-Site Scripting in Zebra ZTC GK420d printer's Alert Setup page allows remote attackers to inject malicious JavaScript via the Address parameter.

Vulnerability Description

A stored cross-site scripting (XSS) vulnerability exists in the web portal of Zebra Technologies ZTC GK420d printers, specifically in the Alert Setup page at /settings [1]. The vulnerability stems from insufficient sanitization of the Address input field, allowing an attacker to inject arbitrary JavaScript code that gets stored and executed when the page is reloaded [1].

Exploitation Prerequisites

Exploitation requires network access to the printer's web interface and valid login credentials (default or obtained). An authenticated attacker navigates to the Alert Setup page, adds a new alert message, and inserts a malicious payload into the Address field [1]. Upon returning to the Alert Setup page, the stored payload executes in the context of the administrator's session [1].

Impact

Successful exploitation enables arbitrary JavaScript execution within the victim's browser, potentially leading to session hijacking, credential theft, redirection to malicious sites, or further attacks against connected devices [1]. The CVSS v3 base score is 2.4 (Low), indicating limited impact or complexity, but the vendor has not responded to disclosure [1].

Mitigation

No official patch is available as Zebra Technologies did not respond to the disclosure [1]. Mitigations include restricting network access to the printer's web interface, using strong passwords, and monitoring for suspicious activity. Users should consider isolating the device on a trusted network segment.
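
The following JavaScript is an added illustration, not code from the printer's firmware or from the cited references. It models a stored Address value reaching the page unescaped versus HTML-encoded, plus an audit that flags stored addresses containing markup. The alert record shape, the function names, the sample values and the assumption that Address holds an e-mail address, hostname or IP literal are all hypothetical.

```javascript
// Added example: models the stored-XSS pattern described above.
// The alert record shape and all names here are hypothetical; the
// printer's real firmware code does not appear on this page.

// Constructed sample of stored alert entries (not real device data).
const storedAlerts = [
  { condition: "PAPER OUT", destination: "EMAIL", address: "ops@example.com" },
  { condition: "HEAD OPEN", destination: "EMAIL", address: '"><b id="marker">injected</b>' },
];

// HTML-encode the five characters that can change parsing context.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: stored value concatenated into markup as-is.
function renderRowUnsafe(alert) {
  return `<tr><td>${alert.condition}</td><td><input name="address" value="${alert.address}"></td></tr>`;
}

// Hardened pattern: every stored field is encoded at output time.
function renderRowSafe(alert) {
  return `<tr><td>${escapeHtml(alert.condition)}</td>` +
    `<td><input name="address" value="${escapeHtml(alert.address)}"></td></tr>`;
}

// Defensive audit: flag stored addresses holding characters that no
// e-mail address, hostname or IP literal needs (assumed allowlist).
const ADDRESS_ALLOWED = /^[A-Za-z0-9@._:+\-\[\]]{1,255}$/;
function auditAlerts(alerts) {
  return alerts
    .map((alert, index) => ({ index, address: alert.address }))
    .filter((entry) => !ADDRESS_ALLOWED.test(entry.address));
}

console.log(renderRowUnsafe(storedAlerts[1])); // markup breaks out of value=""
console.log(renderRowSafe(storedAlerts[1]));   // same input stays inert text
console.log(auditAlerts(storedAlerts));        // entry 1 is flagged
```

Because no vendor fix exists, only the audit half is something an operator can apply today, by running it against an export of the configured alerts.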

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 0. No patches discovered yet.
