CVE-2023-38944

9.8 CRITICAL

📋 TL;DR

This vulnerability lets an attacker bypass access controls on Multilaser RE160V and RE163V routers by modifying an HTTP header, gaining complete access to the router's web application. Affected users are those running the vulnerable firmware versions on these two router models.

💻 Affected Systems

Products:
  • Multilaser RE160V
  • Multilaser RE163V
Versions: RE160V firmware v12.03.01.09_pt, RE163V firmware v12.03.01.10_pt
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only specific firmware versions for these Brazilian router models are affected. Other models or versions may not be vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of router administration, allowing attackers to reconfigure network settings, intercept traffic, install malware, or use the router as an attack platform.

🟠 Likely Case

Unauthorized access to the router administration panel, leading to network configuration changes, DNS hijacking, or credential theft.

🟢 If Mitigated

Limited impact if routers sit behind firewalls with restricted administrative access and network segmentation.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices, making them directly accessible to attackers.
🏢 Internal Only: MEDIUM - Internal attackers could exploit this if they gain network access, though external exploitation is more likely.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability involves simple HTTP header manipulation, making exploitation straightforward with basic web tools.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch is available. Check the Multilaser website for firmware updates. If none is available, apply the workarounds below or replace the device.

🔧 Temporary Workarounds

Restrict Administrative Access (applies to: all)

Limit router administration to specific IP addresses or disable remote administration entirely.

Network Segmentation (applies to: all)

Place routers in isolated network segments with strict firewall rules limiting inbound traffic.

🧯 If You Can't Patch

  • Replace affected routers with models receiving security updates
  • Implement network monitoring for suspicious HTTP header manipulation attempts

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in administration panel. If running affected versions, assume vulnerable.

Check Version:

Log in to the router admin panel and check the firmware version in the system settings.

Verify Fix Applied:

Verify firmware has been updated to a version not listed in affected versions. Test access control by attempting header manipulation.

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP requests with modified headers to router administration interface
  • Multiple failed login attempts followed by successful access

Network Indicators:

  • HTTP traffic to router admin interface with abnormal headers
  • Unexpected configuration changes from unknown IP addresses

SIEM Query (pseudo-query; adapt field names to your SIEM and replace the placeholders, since fixed literals such as 'malicious' or 'bypass' will not match real traffic):

dest_ip=<router_admin_ip> AND (http_user_agent CONTAINS '<client string observed in the PoC>' OR http_header CONTAINS '<header value used in the bypass>')
