CVE-2023-24838

9.8 CRITICAL

📋 TL;DR

HGiga PowerStation has an information leakage vulnerability that allows unauthenticated remote attackers to obtain administrator credentials. These credentials can be used to log into PowerStation or Secure Shell to achieve remote code execution. All systems running vulnerable versions of HGiga PowerStation are affected.

💻 Affected Systems

Products:
  • HGiga PowerStation
Versions: Specific versions not detailed in provided references; check vendor advisory for exact affected versions.
Operating Systems: Unknown
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default configuration; the credential leakage endpoint is reachable without authentication.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with remote code execution, data theft, and potential lateral movement within the network.

🟠 Likely Case

Administrative credential theft leading to unauthorized access and potential data exfiltration.

🟢 If Mitigated

Limited impact if proper network segmentation and access controls prevent credential misuse.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires unauthenticated access to a specific endpoint; the leaked credentials then lead to RCE via login.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched version.

Vendor Advisory: https://www.twcert.org.tw/tw/cp-132-6957-d8f67-1.html

Restart Required: Yes

Instructions:

1. Check vendor advisory for patched version.
2. Backup system.
3. Apply patch from vendor.
4. Restart services.
5. Verify fix.

🔧 Temporary Workarounds

Network Access Restriction

Restrict network access to PowerStation management interface to trusted IPs only.

Use firewall rules to allow only specific IPs to access PowerStation ports.

Credential Rotation

Change all administrator credentials immediately to prevent credential reuse attacks.

Change passwords for all PowerStation admin accounts via management interface.

🧯 If You Can't Patch

  • Isolate vulnerable system from internet and untrusted networks.
  • Implement strict network segmentation and monitor for unauthorized access attempts.

🔍 How to Verify

Check if Vulnerable:

Test if unauthenticated access to credential leakage endpoint exists; check vendor advisory for specific testing methods.

Check Version:

Check PowerStation web interface or CLI for version information.

Verify Fix Applied:

Verify patch version matches vendor recommendation and test that credential leakage endpoint is no longer accessible.

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated access attempts to admin credential endpoints
  • Multiple failed login attempts followed by successful admin login

Network Indicators:

  • Unusual traffic to PowerStation management ports from untrusted sources

SIEM Query:

source_ip NOT IN trusted_ips AND destination_port IN [PowerStation_ports] AND http_status=200
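
The SIEM query and the two log indicators above, written out as an added example (not vendor code and not part of the original advisory) that runs over constructed, already-normalized events. The trusted range, port set, field names, account name and failure threshold are placeholder assumptions to replace with your deployment's values.

```python
import ipaddress
from collections import defaultdict

# Assumptions (not from the advisory): substitute your own values.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/24")]
MGMT_PORTS = {443, 22}   # stands in for [PowerStation_ports]
FAIL_THRESHOLD = 3       # failed logins before a later success is flagged

def _http(ts, src, dport, status):
    return {"ts": ts, "kind": "http", "src": src, "dport": dport, "status": status}

def _login(ts, src, user, ok):
    return {"ts": ts, "kind": "login", "src": src, "user": user, "ok": ok}

# Constructed sample events; the schema is hypothetical, not a PowerStation log format.
EVENTS = [
    _http(1, "10.0.0.5", 443, 200),      # trusted source: ignored
    _http(2, "203.0.113.7", 443, 200),   # untrusted + mgmt port + 200: flagged
    _http(3, "203.0.113.7", 443, 403),   # denied request: ignored
    _http(4, "203.0.113.7", 8080, 200),  # not a management port: ignored
    _login(5, "198.51.100.9", "admin", False),
    _login(6, "198.51.100.9", "admin", False),
    _login(7, "198.51.100.9", "admin", False),
    _login(8, "198.51.100.9", "admin", True),   # 3 failures then success: flagged
    _login(9, "10.0.0.5", "admin", False),
    _login(10, "10.0.0.5", "admin", True),      # one typo then success: not flagged
]

def is_trusted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)

def untrusted_mgmt_hits(events):
    """source_ip NOT IN trusted_ips AND destination_port IN ports AND http_status=200"""
    return [e for e in events
            if e["kind"] == "http" and e["status"] == 200
            and e["dport"] in MGMT_PORTS and not is_trusted(e["src"])]

def fail_then_success(events, threshold=FAIL_THRESHOLD):
    """Return (src, ts, failures) for admin logins preceded by >= threshold failures."""
    fails, alerts = defaultdict(int), []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e["kind"] != "login":
            continue
        if not e["ok"]:
            fails[e["src"]] += 1
            continue
        if e["user"] == "admin" and fails[e["src"]] >= threshold:
            alerts.append((e["src"], e["ts"], fails[e["src"]]))
        fails[e["src"]] = 0   # a success resets the per-source counter
    return alerts

if __name__ == "__main__":
    print(untrusted_mgmt_hits(EVENTS))
    print(fail_then_success(EVENTS))
```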
