CVE-2024-12646
📋 TL;DR
The topm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability due to missing CSRF protection and an Absolute Path Traversal flaw in its API. Unauthenticated remote attackers can exploit this through phishing to delete arbitrary files on users' systems. This affects all users running the vulnerable topm-client software.
💻 Affected Systems
- Chunghwa Telecom topm-client
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could delete critical system files, causing system instability, data loss, or complete system compromise by targeting OS configuration files.
Likely Case
Attackers would delete user data files, application files, or configuration files to disrupt operations or enable further attacks.
If Mitigated
With proper network segmentation and access controls, impact would be limited to the local system where the vulnerable software runs.
🎯 Exploit Status
Exploitation requires phishing to trigger the CSRF attack against the local API, but the path traversal makes file deletion straightforward once triggered.
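The two defects described above (a local API that honours requests from any web page, and a file parameter that is used without being confined to a directory) are closed by two checks in the request handler: refuse requests whose browser origin is not the local UI, and canonicalise the supplied path before touching it. The following is an added illustration written for this page, not topm-client code or the vendor's patch; the base directory, the port and the origin allowlist are assumptions, and no file is actually deleted.

```python
from __future__ import annotations

import os
from pathlib import Path
from urllib.parse import urlsplit

# Assumed values for the example: the directory the local API may operate on
# and the only browser origins that should ever call it (same-origin only).
ALLOWED_BASE = Path("/var/lib/topm-client/data").resolve()  # hypothetical path
ALLOWED_ORIGINS = {"http://127.0.0.1:8080", "http://localhost:8080"}  # assumed port


def origin_is_trusted(headers: dict[str, str]) -> bool:
    """CSRF check for a browser-reachable local API.

    A page on another site cannot forge the Origin header, so a request whose
    Origin (or, failing that, Referer) is missing or foreign is refused. This
    complements a per-session CSRF token rather than replacing it.
    """
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False
        parts = urlsplit(referer)
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin in ALLOWED_ORIGINS


def resolve_within_base(user_path: str) -> Path | None:
    """Return the canonical path for a client-supplied name, or None.

    Absolute paths are refused outright (the advisory's "absolute path
    traversal"), and relative ones are canonicalised so that '..' components
    and symlinks cannot lead outside ALLOWED_BASE.
    """
    if not user_path or "\x00" in user_path or os.path.isabs(user_path):
        return None
    # A Windows-style drive path is absolute even when checked on a POSIX host.
    if len(user_path) > 1 and user_path[1] == ":":
        return None
    candidate = (ALLOWED_BASE / user_path).resolve()
    try:
        candidate.relative_to(ALLOWED_BASE)
    except ValueError:
        return None
    return candidate


def handle_delete(headers: dict[str, str], user_path: str) -> tuple[int, str]:
    """Decide how a delete request should be answered; nothing is removed here."""
    if not origin_is_trusted(headers):
        return 403, "cross-site request rejected"
    target = resolve_within_base(user_path)
    if target is None:
        return 400, "path outside the allowed directory"
    return 200, str(target)  # a real handler would unlink target at this point


if __name__ == "__main__":
    trusted = {"Origin": "http://127.0.0.1:8080"}
    for hdrs, p in [({}, "report.txt"), (trusted, "/etc/hosts"),
                    (trusted, "../../etc/hosts"), (trusted, "logs/old.log")]:
        print(p, "->", handle_delete(hdrs, p))
```

The order of the checks matters: the origin test runs first so that a cross-site request never reaches path handling at all, and the path test works on the resolved path rather than on the raw string, which is what defeats encoded or symlinked variants of `..` that a substring filter would miss.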
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check with Chunghwa Telecom for specific patched version
Vendor Advisory: https://www.twcert.org.tw/en/cp-139-8304-b83f8-2.html
Restart Required: Yes
Instructions:
1. Contact Chunghwa Telecom for the latest patched version of topm-client
2. Download and install the updated software
3. Restart the system to ensure the local web server runs with the patched version
🔧 Temporary Workarounds
Disable or Block Local Web Server
Prevent the vulnerable local web server from running or block access to it
Use firewall to block the local web server port (check documentation for default port)
Stop the topm-client service if not essential
Network Segmentation
Isolate systems running topm-client from untrusted networks
🧯 If You Can't Patch
- Implement strict network access controls to prevent external access to the local web server
- Deploy application control to prevent unauthorized modifications to the topm-client
🔍 How to Verify
Check if Vulnerable:
Check if topm-client is running and accessible locally, and verify the version against patched releases from Chunghwa Telecom
Check Version:
Check topm-client documentation or contact Chunghwa Telecom for version checking method
Verify Fix Applied:
Confirm the topm-client version matches the patched release and test that the local API no longer accepts unauthenticated requests with path traversal
📡 Detection & Monitoring
Log Indicators:
- Unusual file deletion events in system logs
- Access to topm-client local web server from unexpected sources
Network Indicators:
- HTTP requests to the local topm-client web server port containing path traversal patterns (e.g., '../')
SIEM Query:
source_ip=external AND dest_port=<topm-client_port> AND (uri CONTAINS '../' OR method=DELETE)
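The indicators above can be turned into a small log-review routine that flags requests to the local web server port coming from a non-loopback source, carrying a `../` component or an absolute path in a parameter, using the DELETE method, or changing state without a trusted Origin header. This is an added example for this page, not a topm-client feature or a vendor-supplied script; the log layout, the port and the trusted origins are constructed assumptions, and the sample lines are made up.

```python
from __future__ import annotations

import ipaddress
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed values: the port the local topm-client web server listens on and the
# origins allowed to call it. Both are placeholders, not documented values.
LOCAL_PORT = 8080
TRUSTED_ORIGINS = {"http://127.0.0.1:8080", "http://localhost:8080"}

# Constructed sample lines in a simplified access-log layout:
#   <src_ip> <method> <uri> <dest_port> "<Origin header or ->"
SAMPLE_LOG = """\
127.0.0.1 GET /api/status 8080 "http://127.0.0.1:8080"
127.0.0.1 POST /api/delete?path=../../../../etc/hosts 8080 "http://attacker.example"
203.0.113.7 GET /api/status 8080 "-"
127.0.0.1 DELETE /api/files/report.txt 8080 "http://127.0.0.1:8080"
127.0.0.1 POST /api/delete?path=..%2F..%2Fwindows%2Fsystem32 8080 "-"
127.0.0.1 GET /api/files?name=report.txt 8080 "http://127.0.0.1:8080"
"""

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\d+) "([^"]*)"$')
DRIVE_RE = re.compile(r"^[A-Za-z]:[\\/]")


def has_traversal(value: str) -> bool:
    """True if any path segment (split on / or \\) is exactly '..'."""
    return any(seg == ".." for seg in re.split(r"[/\\]", value))


def analyse_line(line: str) -> list[str]:
    """Return the reasons one request line is suspicious (empty list if none)."""
    m = LINE_RE.match(line)
    if not m:
        return []
    src, method, uri, port, origin = m.groups()
    if int(port) != LOCAL_PORT:
        return []
    reasons: list[str] = []
    if not ipaddress.ip_address(src).is_loopback:
        reasons.append("non-loopback source")
    decoded = unquote(uri)  # single decode pass; double-encoded input is a known gap
    parts = urlsplit(decoded)
    values = [v for vs in parse_qs(parts.query, keep_blank_values=True).values() for v in vs]
    if has_traversal(parts.path) or any(has_traversal(v) for v in values):
        reasons.append("path traversal pattern")
    if any(v.startswith("/") or DRIVE_RE.match(v) for v in values):
        reasons.append("absolute path in parameter")
    if method == "DELETE":
        reasons.append("DELETE method")
    if method != "GET" and origin not in TRUSTED_ORIGINS:
        reasons.append("state-changing request without trusted Origin")
    return reasons


def scan_log(text: str) -> list[dict]:
    """Scan a whole log and return one finding per suspicious line."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        reasons = analyse_line(line)
        if reasons:
            findings.append({"line": number, "entry": line, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"line {f['line']}: {', '.join(f['reasons'])}")
```

The Origin check is the one that matters most for this CVE: because the attack is delivered by phishing, the request reaches the local server from the victim's own browser on the loopback address, so a source-IP rule alone (like the `source_ip=external` clause in the SIEM query) will not see it; a state-changing request whose Origin is missing or foreign is the reliable signal.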