CVE-2023-24795 – A command execution vulnerability in JHR-N916R ... (How to Fix)

Q: How do I fix CVE-2023-24795?

Check vendor website for firmware updates; if none, consider workarounds or replacement.

Q: What is the severity of CVE-2023-24795?

CVE-2023-24795 has a CVSS score of 9.8 (CRITICAL). A command execution vulnerability in JHR-N916R router firmware allows attackers to execute arbitrary commands on affected devices, potentially gaining full control. This affects users of JHR-N916R routers with firmware version 21.11.1.1483 or earlier, exposing them to remote compromise.

📋 TL;DR

A command execution vulnerability in JHR-N916R router firmware allows attackers to execute arbitrary commands on affected devices, potentially gaining full control. This affects users of JHR-N916R routers with firmware version 21.11.1.1483 or earlier, exposing them to remote compromise.

💻 Affected Systems

Products:

JHR-N916R router

Versions: <=21.11.1.1483

Operating Systems: Embedded firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All devices running the vulnerable firmware are affected unless patched or isolated.

📦 What is this software?

Jhr N916r Firmware by Jcgcn.com

View all CVEs affecting Jhr N916r Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise leading to data theft, network disruption, or use as a botnet node.

🟠

Likely Case

Unauthorized access to router settings, data interception, or malware deployment.

🟢

If Mitigated

Limited impact if isolated or patched, but still poses risk if exposed.

🌐 Internet-Facing: HIGH, as routers are often directly accessible from the internet, enabling remote exploitation.

🏢 Internal Only: MEDIUM, as internal attackers could exploit it if they have network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit details are publicly available, making it easy for attackers to leverage.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

Check vendor website for firmware updates; if none, consider workarounds or replacement.

🔧 Temporary Workarounds

Network Isolation

all

Restrict access to the router's management interface to trusted IPs only.

Configure firewall rules to block external access to router ports (e.g., 80, 443, 22).

Disable Unused Services

all

Turn off unnecessary services on the router to reduce attack surface.

Access router admin panel and disable remote management, UPnP, or other non-essential features.

🧯 If You Can't Patch

Replace the router with a model that receives security updates.
Implement network segmentation to limit the router's exposure to critical systems.

🔍 How to Verify

Check if Vulnerable:

Access router admin interface and check firmware version; if <=21.11.1.1483, it is vulnerable.

Check Version:

Log into router web interface and navigate to system info or use CLI command if supported (e.g., 'show version').

Verify Fix Applied:

Update firmware if available and confirm version is >21.11.1.1483.

📡 Detection & Monitoring

Log Indicators:

Unusual command execution logs, unexpected configuration changes, or failed login attempts.

Network Indicators:

Suspicious traffic to router management ports from untrusted sources.

SIEM Query:

Example: 'source_ip:external AND dest_port:80 AND event:command_execution'

📊 Metadata

CVE ID: CVE-2023-24795

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-94

Published: March 16, 2023

Last Updated: February 26, 2025

🔗 References

https://gist.github.com/yinfei6/25b30ba88396408ff85200eaf3413f0c Third Party Advisory
https://gist.github.com/yinfei6/25b30ba88396408ff85200eaf3413f0c Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-24795, you might also want to check these: