Login Sign Up

CVE-2023-41355

9.8 CRITICAL
Denial of Service

📋 TL;DR

This vulnerability in Chunghwa Telecom NOKIA G-040W-Q routers allows unauthenticated remote attackers to send crafted ICMP redirect messages to manipulate network routing tables. Attackers can cause denial of service or intercept sensitive network traffic. Only users of these specific routers are affected.

💻 Affected Systems

Products:
  • Chunghwa Telecom NOKIA G-040W-Q
Versions: All versions prior to patch
Operating Systems: Embedded router OS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects devices with firewall function enabled. The vulnerability is in the ICMP redirect message handling.

📦 What is this software?

G 040w Q Firmware by Nokia

View all CVEs affecting G 040w Q Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete network disruption with traffic interception, allowing attackers to redirect all network traffic through malicious systems for man-in-the-middle attacks and data theft.

🟠

Likely Case

Partial network disruption and traffic redirection to attacker-controlled systems, potentially exposing credentials and sensitive data.

🟢

If Mitigated

Limited impact if ICMP redirects are filtered at network perimeter or routing tables are protected.

🌐 Internet-Facing: HIGH - Attackers can exploit remotely without authentication from the internet.
🏢 Internal Only: HIGH - Even internal attackers can exploit this without credentials.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending specially crafted ICMP redirect packets to the vulnerable device.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check with vendor for specific patched version

Vendor Advisory: https://www.twcert.org.tw/tw/cp-132-7505-a0c94-1.html

Restart Required: Yes

Instructions:

1. Contact Chunghwa Telecom or NOKIA for firmware update. 2. Download latest firmware. 3. Apply update through router admin interface. 4. Reboot router.

🔧 Temporary Workarounds

Block ICMP Redirects at Network Perimeter

linux

Configure upstream firewalls to block incoming ICMP redirect messages

iptables -A INPUT -p icmp --icmp-type redirect -j DROP

Disable ICMP Redirect Processing

linux

Configure systems to ignore ICMP redirects if supported

sysctl -w net.ipv4.conf.all.accept_redirects=0
sysctl -w net.ipv6.conf.all.accept_redirects=0

🧯 If You Can't Patch

  • Isolate vulnerable devices in separate network segments with strict access controls
  • Implement network monitoring for ICMP redirect traffic and unauthorized routing changes

🔍 How to Verify

Check if Vulnerable:

Check if device is NOKIA G-040W-Q and test with ICMP redirect packets

Check Version:

Check router web interface or use SNMP to query system version

Verify Fix Applied:

Verify firmware version is updated and test that ICMP redirects no longer affect routing

📡 Detection & Monitoring

Log Indicators:

  • Unusual ICMP redirect messages in firewall logs
  • Unexpected routing table changes

Network Indicators:

  • Spike in ICMP redirect traffic to router
  • Unauthorized routing advertisements

SIEM Query:

source_ip=* AND icmp_type=redirect AND dest_ip=[router_ip]

📊 Metadata

CVE ID: CVE-2023-41355
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-940
Published: November 3, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-41355, you might also want to check these:

CVE-2024-40515 9.8

This critical vulnerability in Tenda AX2pro routers allows remote attackers to execute arbitrary cod...

Same vulnerability type (CWE-940)
CVE-2024-38886 9.8

This vulnerability allows remote attackers to perform traffic injection attacks against Caterease so...

Same vulnerability type (CWE-940)
CVE-2025-61932 9.8

CVE-2025-61932 is a critical vulnerability in Lanscope Endpoint Manager (On-Premises) that allows un...

Same vulnerability type (CWE-940)