PT-2024-1844 · Unknown · Eds-4000/G4000 Series

Published: 2024-02-26 · Updated: 2025-02-25 · CVE-2024-0387

CVSS v2.0: 7.7 (High)
Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: EDS-4000/G4000 Series versions prior to 3.2

Description: The issue is a bypass of access control mechanisms in the web service of the EDS-4000/G4000 Series managed switch firmware. It could allow a remote attacker to send requests to the vulnerable device and, from there, to other devices on the network, potentially bypassing access controls or hiding the source of malicious requests. The affected devices include IP forwarding capabilities that cannot be deactivated by users, which an attacker may exploit to forward requests to a target.

Recommendations: For versions prior to 3.2, consider disabling IP forwarding capabilities as a temporary workaround until a patch is available. Restrict access to the web service of the managed switch to minimize the risk of exploitation. Avoid using the device as a relay for requests to other network devices until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
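The two recommendations above (restrict who can reach the switch web service, and do not let the switch act as a relay) can be checked against perimeter firewall logs. The following script is an added example and is not code from this advisory or from the device vendor. The management address, the allowlisted administrator host, the expected syslog destination, the internal network range and the key=value log format are all assumptions chosen for illustration; the log lines are constructed, not real traffic.

```python
import ipaddress
import re
from dataclasses import dataclass

# Assumed inventory values (hypothetical, not from the advisory): adjust to your network.
SWITCH_MGMT_IP = "10.0.0.5"           # management address of the EDS-4000/G4000 switch
WEB_ALLOWLIST = {"10.0.0.100"}        # hosts permitted to reach the switch web service
SWITCH_EXPECTED_DSTS = {"10.0.0.50"}  # services the switch itself legitimately contacts (syslog/NTP)
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
WEB_PORTS = {80, 443}

# Constructed key=value firewall log format used only for this example.
LOG_RE = re.compile(r"src=(?P<src>[\d.]+)\s+dst=(?P<dst>[\d.]+)\s+dport=(?P<dport>\d+)")


@dataclass(frozen=True)
class Finding:
    kind: str
    src: str
    dst: str
    dport: int


def is_internal(ip: str) -> bool:
    """True when the address falls inside one of the configured internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def analyse(lines):
    """Return a Finding for every log line that violates one of the two recommendations."""
    findings = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        src, dst, dport = m["src"], m["dst"], int(m["dport"])

        # Recommendation 1: the web service should be reachable only from approved hosts.
        if dst == SWITCH_MGMT_IP and dport in WEB_PORTS and src not in WEB_ALLOWLIST:
            findings.append(Finding("web-access-outside-allowlist", src, dst, dport))

        # Recommendation 2: the switch should not originate requests to other internal
        # hosts; such traffic may indicate it is being used as a relay.
        if src == SWITCH_MGMT_IP and dst not in SWITCH_EXPECTED_DSTS and is_internal(dst):
            findings.append(Finding("switch-originated-internal-request", src, dst, dport))
    return findings


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2024-02-26T10:00:01Z fw: src=10.0.0.100 dst=10.0.0.5 dport=443",  # approved admin host
    "2024-02-26T10:00:05Z fw: src=10.0.0.77 dst=10.0.0.5 dport=80",    # host not on the allowlist
    "2024-02-26T10:00:09Z fw: src=10.0.0.5 dst=10.0.0.50 dport=514",   # switch -> syslog, expected
    "2024-02-26T10:00:12Z fw: src=10.0.0.5 dst=10.0.0.200 dport=80",   # switch -> internal server
    "2024-02-26T10:00:15Z fw: src=10.0.0.9 dst=10.0.0.200 dport=22",   # unrelated traffic
    "malformed line",
]

if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"{f.kind}: {f.src} -> {f.dst}:{f.dport}")
```

Run against the sample, the script reports the unapproved access to the web service and the switch-originated request to an internal server, while the administrator session and the switch's own syslog traffic pass. The expected-destination set is what keeps the second check usable: without it, every legitimate syslog or NTP packet from the switch would be flagged.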

Weakness Enumeration

Related Identifiers

BDU:2024-01597
CVE-2024-0387

Affected Products

Eds-4000/G4000 Series