GOCLOUD Networks (GAOKE Networks) — 0C:D9:23 (MA-L)

The OUI 0C:D9:23 is an IEEE MA-L block (24-bit prefix, ~16.7M addresses) registered to "GOCLOUD Networks(GAOKE Networks)" at Room 5-301-A02, No. 3000, Longdong Road, Pudong, Shanghai 201203, China. The registrant name fuses two overlapping Chinese networking brands and the exact corporate relationship is not confirmed in public sources: Gocloud (高恪) is a maker of enterprise and internet-cafe router firmware and network-management software whose appliances include the S2A, S3A (K2P MTK), and ISP3000 series; GAOKE / Gaoke (高科, Guangzhou Gaoke Communications Technology) is a separate manufacturer of 4G/5G LTE CPE, industrial M2M routers, VoIP gateways, and FTTH/GPON ONU/ONT home gateways exported worldwide. So this OUI's hardware class is network-perimeter equipment — routers, CPE, and ONUs — which is operationally relevant because such devices sit at the network edge. The notable security context is CVE-2020-8949 (CVSS 8.8), a confirmed authenticated OS-command-injection RCE in Gocloud router firmware (ping diagnostic endpoint) with no documented patch in the NVD record, affecting S2A, S3A, and ISP3000 firmware builds. A separate, unconfirmed pre-authentication RCE 0-day for a "GoCloud Router" was offered on the dark web in November 2024 with no CVE and no advisory — treat that strictly as an unverified threat-intel signal, not a fact. As always for OUI data, IEEE publishes no registration date; the "15 November 2022" date carried by third-party MAC databases is a database artifact and is not recorded here.

IEEE assignment

0C:D9:23 → GOCLOUD Networks(GAOKE Networks) [Confirmed] — enrichment/registries/oui.csv line 361; https://standards-oui.ieee.org/oui/oui.txt

Registry / block size

MA-L (24-bit OUI, ~16.7M addresses) [Confirmed] — https://maclookup.app/vendors/gocloud-networks-gaoke-networks

Registered address

Room 5-301-A02, No. 3000, Longdong Road, Pudong, Shanghai 201203, CN [Confirmed] — registry (oui.csv); corroborated https://udger.com/resources/mac-address-vendor-detail?name=gocloud_networksgaoke_networks , https://hwaddress.com/company/gocloud-networksgaoke-networks/

Country

CN [Confirmed] — registry (oui.csv)

Registration date

null — IEEE publishes NO OUI assignment date. Third-party databases (maclookup.app, udger.com) report "15 Nov 2022", but that is a database artifact, not an IEEE first-party fact, and is NOT recorded. [Unknown] — https://standards-oui.ieee.org/oui/oui.txt

Vendor identity

registrant name fuses two overlapping Chinese brands — Gocloud (高恪, gocloud.cn; enterprise/internet-cafe router firmware) and GAOKE/Gaoke (高科, gk-tel.com; Guangzhou Gaoke Communications, CPE/ONT/LTE manufacturer founded 1993/1995). Direct corporate linkage to the Pudong registrant is not confirmed in public sources. [Likely] — http://www.gocloud.cn/ , https://www.gk-tel.com/ , https://www.linkedin.com/company/guangzhou-gaoke-communications-technology-co-ltd

Device types

enterprise / internet-cafe routing appliances, 4G/5G LTE CPE, industrial M2M routers, FTTH/GPON ONU/ONT gateways, VoIP gateways, WiFi access points. The specific product family behind 0C:D9:23 traffic in the wild is Unknown — no public network-scan corroboration found. [Likely] — https://www.gk-tel.com/Product/index_100000001118316.html , https://www.made-in-china.com/showroom/gaoke1993/

Security context

CVE-2020-8949 (CVSS v3.1 8.8 HIGH, CWE-78) — authenticated OS command injection in Gocloud router firmware via the ping diagnostic endpoint (cgi-bin/webui/admin/tools/app_ping/diag_ping/); affects S2A_WL 4.2.7.16471, S2A 4.2.7.17278/4.3.0.15815/4.3.0.17193, S3A K2P MTK 4.2.7.16528, S3A 4.3.0.16572, ISP3000 4.3.0.17190; no patch documented in NVD; no CISA KEV listing found. A separate UNCONFIRMED pre-auth RCE 0-day for "GoCloud Router" was listed on the dark web Nov 2024 (no CVE, no advisory) — unverified threat-intel signal only. [Confirmed for CVE; Likely/unverified for the 0-day claim] — https://nvd.nist.gov/vuln/detail/CVE-2020-8949 , https://github.com/advisories/GHSA-fr6x-3vx5-3qj2 , https://x.com/DailyDarkWeb/status/1857081100872396883

IANA Reference

blank — no applicable IANA RFC for this OUI entry [Unknown]

Analyst note

This is network-perimeter equipment from a Chinese ODM tier commonly deployed in SMB/ISP and emerging-market contexts; a confirmed unpatched authenticated RCE (CVE-2020-8949) plus an unverified dark-web 0-day claim warrant a moderate-to-elevated risk read for asset classification, but OUI alone does not identify the specific product or firmware version. [Likely] — https://nvd.nist.gov/vuln/detail/CVE-2020-8949