CVE-2023-24046

CVSS v3.1

8.8

High

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Connectize AC21000 G6 version 641.139.1.1256

Description An issue in the Connectize AC21000 G6 allows attackers to run arbitrary commands via a crafted string in the ping utility. The vulnerability is caused by weaknesses in the authorization procedure of the diagnostic ping function in the router's firmware. This can allow a remote attacker to execute arbitrary commands.

Recommendations For version 641.139.1.1256, consider disabling the ping utility until a patch is available to prevent exploitation. Restrict access to the device to minimize the risk of privilege escalation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

OS Command Injection

Improper Authorization

CSRF

Improper Authentication

Command Injection

Using Hardcoded Credentials

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-285CWE-352CWE-287CWE-645CWE-77CWE-798CWE-521CWE-79

Related Identifiers

BDU:2023-07067

BDU:2023-07068

BDU:2023-07069

BDU:2023-07070

BDU:2023-07071

BDU:2023-07072

BDU:2023-07073

CVE-2023-24046

Affected Products

Connectize Ac21000 G6

CVE-2023-24046

Weakness Enumeration

Related Identifiers

Affected Products

References · 20