CVE-2020-24377

9.6 CRITICAL

📋 TL;DR

CVE-2020-24377 is a DNS rebinding vulnerability in the Freebox Server web interface. An attacker-controlled web page can bypass the browser's same-origin policy and interact with the device's local web interface as if the attacker were on the local network. It affects Freebox Server devices running Freebox OS versions before 4.2.3, and can be exploited to perform unauthorized actions through the device's web interface.

💻 Affected Systems

Products:
  • Freebox Server
Versions: Freebox OS versions before 4.2.3
Operating Systems: Freebox OS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the web administration interface of Freebox Server devices. The vulnerability is present in the default configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the Freebox Server, allowing attackers to reconfigure network settings, intercept traffic, install malicious firmware, or pivot to other devices on the local network.

🟠 Likely Case

Unauthorized access to the Freebox Server web interface leading to configuration changes, DNS manipulation, or exposure of network information.

🟢 If Mitigated

Limited impact with proper network segmentation and firewall rules preventing external access to the Freebox web interface.

🌐 Internet-Facing: HIGH - Freebox Server web interfaces are often exposed to the internet by default, making them directly accessible to attackers.
🏢 Internal Only: MEDIUM - Requires attacker to already be on the local network or have compromised another device on the network.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires the DNS rebinding technique, which involves controlling a malicious domain and tricking the victim's browser into making requests to the local Freebox interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Freebox OS 4.2.3 and later

Vendor Advisory: https://dev.freebox.fr/blog/?p=10222

Restart Required: Yes

Instructions:

1. Log into Freebox Server web interface
2. Navigate to System Settings
3. Check for updates
4. Apply Freebox OS 4.2.3 or later update
5. Reboot the Freebox Server after update completes

🔧 Temporary Workarounds

Disable external web interface access

Configure the firewall to block external access to the Freebox Server web interface ports (typically 80/443).

Implement DNS filtering

Block known malicious domains and implement DNS security controls to prevent DNS rebinding attacks.

🧯 If You Can't Patch

  • Isolate Freebox Server on separate VLAN with strict firewall rules
  • Implement network-based intrusion detection to monitor for DNS rebinding attempts

🔍 How to Verify

Check if Vulnerable:

Check Freebox OS version in web interface under System Settings > About

Check Version:

Not applicable - version check through web interface only

Verify Fix Applied:

Confirm Freebox OS version is 4.2.3 or higher in System Settings > About

📡 Detection & Monitoring

Log Indicators:

  • Unusual DNS queries for short TTL domains
  • Multiple authentication attempts from external IPs to Freebox web interface
  • Configuration changes from unexpected sources

Network Indicators:

  • DNS queries with very short TTL values
  • HTTP requests to Freebox interface from external IPs
  • Unusual port 80/443 traffic to Freebox Server

SIEM Query:

source_ip=EXTERNAL AND dest_ip=FREEBOX_IP AND (dest_port=80 OR dest_port=443) AND http_user_agent CONTAINS browser
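The "short TTL" and "DNS filtering" indicators above can be turned into a concrete check on resolver logs: a rebinding attack shows up as a public hostname whose answer flips to a LAN address (typically with a TTL of a few seconds). The following is an added example, not part of the advisory or the Freebox project; the log line format, the trusted-suffix allow list and the sample records are constructed for the demo.

```python
import ipaddress
from collections import defaultdict

# Constructed resolver log, one answer per line: "<epoch> <client> <qname> <answer_ip> <ttl>"
SAMPLE_LOG = """\
1700000000 192.168.1.20 www.example.org 203.0.113.5 3600
1700000001 192.168.1.20 cdn.example.net 198.51.100.7 300
1700000002 192.168.1.20 rebind.example.com 203.0.113.10 1
1700000003 192.168.1.20 rebind.example.com 192.168.1.254 1
1700000004 192.168.1.20 nas.home 192.168.1.254 60
"""

SHORT_TTL = 30  # seconds; rebinding depends on the browser re-resolving quickly
TRUSTED_LOCAL_SUFFIXES = (".local", ".lan", ".home")  # assumed allow list, tune per site

# RFC 1918, loopback and link-local ranges: a public hostname should never resolve here
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

def is_lan(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LAN_NETS)  # v4/v6 mismatch simply yields False

def parse_line(line: str) -> dict:
    ts, client, qname, ip, ttl = line.split()
    return {"ts": int(ts), "client": client, "qname": qname.lower().rstrip("."), "ip": ip, "ttl": int(ttl)}

def find_rebinding(log_text: str) -> list:
    alerts = []  # (ts, client, qname, lan_ip, reason) per suspicious answer
    seen_public = defaultdict(set)  # qname -> public addresses it resolved to earlier
    for line in log_text.splitlines():
        rec = parse_line(line)
        name = rec["qname"]
        if not is_lan(rec["ip"]):
            seen_public[name].add(rec["ip"])  # remember the public answer for later comparison
            continue
        if name.endswith(TRUSTED_LOCAL_SUFFIXES):
            continue  # expected LAN name, not an indicator
        reasons = ["public hostname answered with a LAN address"]
        if rec["ttl"] <= SHORT_TTL:
            reasons.append(f"ttl={rec['ttl']}s")
        if seen_public[name]:
            reasons.append(f"previously resolved to {sorted(seen_public[name])}")
        alerts.append((rec["ts"], rec["client"], name, rec["ip"], "; ".join(reasons)))
    return alerts
```

On the sample log only the rebind.example.com flip is reported; the nas.home answer is accepted because of the allow list.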
