CVE-2024-10118
📋 TL;DR
This vulnerability allows unauthenticated remote attackers to execute arbitrary system commands on SECOM WRTR-304GN-304TW-UPSC devices due to improper input filtering. Attackers can gain full control of affected devices, potentially compromising network security. All users of these specific SECOM router models are affected.
💻 Affected Systems
- SECOM WRTR-304GN-304TW-UPSC
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete device takeover leading to network compromise, data exfiltration, lateral movement to other systems, and persistent backdoor installation.
Likely Case
Attackers gain remote shell access to modify configurations, intercept traffic, or use the device as a pivot point for further attacks.
If Mitigated
If network segmentation and strict firewall rules are in place, impact may be limited to the device itself rather than the entire network.
🎯 Exploit Status
The vulnerability requires no authentication and command injection is typically straightforward to exploit once the specific vulnerable functionality is identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific patched firmware version
Vendor Advisory: https://www.twcert.org.tw/en/cp-139-8155-c1ea6-2.html
Restart Required: Yes
Instructions:
1. Check current firmware version. 2. Download latest firmware from SECOM vendor site. 3. Upload firmware via web interface. 4. Apply update and restart device.
🔧 Temporary Workarounds
Network Segmentation
allIsolate affected devices from critical network segments using VLANs or firewalls
Access Control Lists
linuxRestrict network access to device management interfaces
iptables -A INPUT -p tcp --dport 80 -s trusted_ip -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP
🧯 If You Can't Patch
- Replace affected devices with secure alternatives
- Deploy network-based intrusion prevention systems to detect and block exploitation attempts
🔍 How to Verify
Check if Vulnerable:
Check if device model matches affected products and firmware is unpatchedCheck Version:
Check web interface System Status or use telnet/ssh if availableVerify Fix Applied:
Verify firmware version matches patched version from vendor advisory📡 Detection & Monitoring
Log Indicators:
- Unusual command execution in system logs
- Multiple failed access attempts to vulnerable functionality
- Unexpected configuration changes
Network Indicators:
- Unusual outbound connections from router
- Traffic patterns indicating command and control activity
- Exploit attempts to router management interface
SIEM Query:
source="router_logs" AND (command="*;*" OR command="*|*" OR command="*`*" OR command="*$(*")