CVE-2023-25201

8.8 HIGH

📋 TL;DR

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in MultiTech Conduit AP MTCAP2-L4E1 devices running firmware v6.0.0. It allows remote attackers to upload malicious scripts and execute arbitrary code by tricking authenticated users into visiting specially crafted web pages. Organizations using these specific MultiTech access points with vulnerable firmware are affected.

💻 Affected Systems

Products:
  • MultiTech Conduit AP MTCAP2-L4E1
  • MultiTech Conduit AP MTCAP2-L4E1-868-042A
Versions: v6.0.0
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects specific MultiTech Conduit AP models with exact firmware version 6.0.0. Requires authenticated user interaction via CSRF.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise allowing the attacker to execute arbitrary code, modify device configuration, establish persistence, and potentially pivot to internal networks.

🟠 Likely Case

Unauthorized script execution leading to device configuration changes, data exfiltration, or disruption of network services.

🟢 If Mitigated

Attack fails due to CSRF protections, proper network segmentation, or lack of authenticated user interaction.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires tricking an authenticated user into visiting a malicious page. No public exploit code identified in references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version after v6.0.0 (check vendor for specific fixed version)

Vendor Advisory: https://www.multitech.com

Restart Required: Yes

Instructions:

1. Check the MultiTech website for the security advisory.
2. Download the latest firmware version.
3. Back up the current configuration.
4. Upload and apply the new firmware via the web interface or CLI.
5. Verify the update succeeded and restore the configuration if needed.

🔧 Temporary Workarounds

Implement CSRF Tokens

Applies to: all

Add anti-CSRF tokens to web interface forms if a custom web interface exists.

Custom implementation required; no standard commands.

Network Segmentation

Applies to: all

Isolate MultiTech APs from critical networks and restrict access to the web interface.

Use firewall rules to restrict access to the AP management interface.

🧯 If You Can't Patch

  • Restrict web interface access to trusted IP addresses only using firewall rules
  • Implement strict user access controls and require re-authentication for sensitive actions

🔍 How to Verify

Check if Vulnerable:

Check the device firmware version via the web interface (System > Status) or the CLI command 'show version'.

Check Version:

Run 'show version' (CLI) or check System Status in the web interface.

Verify Fix Applied:

Confirm the firmware version has been updated beyond v6.0.0 and test that CSRF protection is enforced on the script upload functionality.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected script uploads
  • Unauthorized configuration changes
  • Multiple failed authentication attempts followed by successful upload

Network Indicators:

  • Unusual outbound connections from AP
  • HTTP POST requests to upload endpoints from unexpected sources

SIEM Query:

source="multitech-ap" AND (event="upload" OR event="script_execution")

🔗 References
