CVE-2023-24135 – This CVE describes a command injection vulnerab... (How to Fix)

Q: What is the severity of CVE-2023-24135?

CVE-2023-24135 has a CVSS score of 7.8 (HIGH). This CVE describes a command injection vulnerability in Jensen of Scandinavia Eagle 1200AC routers running firmware version V15.03.06.33_en. Attackers can execute arbitrary commands by manipulating the mac parameter in the formWriteFacMac function, potentially gaining full control of affected devices. Organizations using these specific router models with the vulnerable firmware are at risk.

📋 TL;DR

This CVE describes a command injection vulnerability in Jensen of Scandinavia Eagle 1200AC routers running firmware version V15.03.06.33_en. Attackers can execute arbitrary commands by manipulating the mac parameter in the formWriteFacMac function, potentially gaining full control of affected devices. Organizations using these specific router models with the vulnerable firmware are at risk.

💻 Affected Systems

Products:

Jensen of Scandinavia Eagle 1200AC

Versions: V15.03.06.33_en

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects the specific firmware version mentioned; other versions may also be vulnerable but unconfirmed.

📦 What is this software?

Eagle 1200ac Firmware by Jensenofscandinavia

View all CVEs affecting Eagle 1200ac Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the router allowing attackers to pivot to internal networks, intercept traffic, deploy malware, or use the device as part of a botnet.

🟠

Likely Case

Router takeover leading to network disruption, credential theft, or deployment of cryptocurrency miners.

🟢

If Mitigated

Limited impact if network segmentation isolates the router and external access is restricted.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices, making them directly accessible to attackers.

🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

The vulnerability appears to be exploitable without authentication based on the description and references showing proof-of-concept details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No vendor advisory found in provided references

Restart Required: Yes

Instructions:

1. Check vendor website for firmware updates. 2. Download latest firmware. 3. Backup current configuration. 4. Upload and install new firmware. 5. Restart router. 6. Restore configuration if needed.

🔧 Temporary Workarounds

Network Access Restriction

all

Restrict access to router management interface to trusted IP addresses only

Disable Unnecessary Services

all

Disable any unnecessary management interfaces or services that might expose the vulnerable function

🧯 If You Can't Patch

Isolate affected routers in a separate VLAN with strict firewall rules
Implement network monitoring for unusual outbound connections from routers

🔍 How to Verify

Check if Vulnerable:

Check router firmware version via web interface at System > Firmware or via SSH with 'cat /proc/version'

Check Version:

ssh admin@router-ip 'cat /proc/version' or check web interface

Verify Fix Applied:

Verify firmware version has been updated to a version later than V15.03.06.33_en

📡 Detection & Monitoring

Log Indicators:

Unusual command execution in system logs
Multiple failed login attempts followed by successful access
Unexpected process creation

Network Indicators:

Unusual outbound connections from router
Traffic to known malicious IPs
Unexpected SSH or telnet connections

SIEM Query:

source="router-logs" AND ("formWriteFacMac" OR "mac parameter" OR suspicious_command_execution)

📊 Metadata

CVE ID: CVE-2023-24135

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-77

Published: January 22, 2024

Last Updated: November 21, 2024

🔗 References

http://eagle.com Product
http://jensen.com Not Applicable
https://oxnan.com/img/Pasted%20image%2020230112110814.png Broken Link
https://oxnan.com/posts/WriteFacMac-Command-Injection Exploit,Third Party Advisory
http://eagle.com Product
http://jensen.com Not Applicable
https://oxnan.com/img/Pasted%20image%2020230112110814.png Broken Link
https://oxnan.com/posts/WriteFacMac-Command-Injection Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-24135, you might also want to check these: