CVE-2024-24300
📋 TL;DR
CVE-2024-24300 is an authentication bypass vulnerability in 4ipnet EAP-767 wireless access points where session cookies remain static across multiple logins, allowing attackers to reuse captured cookies to impersonate legitimate users. This affects all organizations using vulnerable versions of this specific hardware. The vulnerability requires network access to the device's management interface.
💻 Affected Systems
- 4ipnet EAP-767
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the wireless access point allowing attackers to reconfigure network settings, intercept traffic, deploy malware to connected devices, and pivot to internal networks.
Likely Case
Unauthorized administrative access to the device leading to network disruption, credential theft from connected users, and potential lateral movement within the network.
If Mitigated
Limited impact with proper network segmentation and monitoring, though authentication bypass remains possible for attackers with network access.
🎯 Exploit Status
Proof-of-concept code is publicly available on GitHub. Exploitation requires capturing a legitimate user's session cookie through network sniffing or other means.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: Not available
Restart Required: No
Instructions:
Check 4ipnet's official website or contact vendor support for security updates. No official patch information is currently available.
🔧 Temporary Workarounds
Network Segmentation
Isolate the EAP-767 management interface from general network access
Configure firewall rules to restrict access to EAP-767 management IP/port to authorized administration networks only
Session Monitoring
Monitor for unusual session activity and cookie reuse
Implement network monitoring for repeated use of the same session cookie from different IP addresses
🧯 If You Can't Patch
- Replace vulnerable devices with updated hardware or hardware from an alternative vendor
- Implement strict network access controls and monitor all traffic to/from affected devices
🔍 How to Verify
Check if Vulnerable:
Log into the EAP-767 web interface, capture the session cookie, log out and back in, and verify if the cookie value remains identical.
Check Version:
Log into EAP-767 web interface and check System Information page for firmware version, or use: curl -k https://[device-ip]/system_info
Verify Fix Applied:
After applying any vendor update, repeat the cookie capture test to verify session cookies now change with each login.
📡 Detection & Monitoring
Log Indicators:
- Multiple successful logins from different IPs using the same session ID
- Administrative configuration changes from unexpected IP addresses
Network Indicators:
- HTTP requests to management interface with reused session cookies
- Unusual administrative traffic patterns
SIEM Query:
source="eap767-logs" AND ((event="login_success" AND count(DISTINCT src_ip) > 1 BY session_id) OR (event="config_change" AND user="admin" AND NOT src_ip IN admin_whitelist))
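Added example (not vendor or project code): the two log indicators above implemented as a Python check over constructed sample lines. The key=value log format, the field names (taken from the SIEM query) and the 10.0.5.0/24 admin allowlist are assumptions; adapt the parser to whatever the device or syslog collector actually emits.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample lines; the real EAP-767 log format is not given on this page.
SAMPLE_LOG = """\
2024-03-01T09:00:01Z event=login_success user=admin src_ip=10.0.5.10 session_id=abc123
2024-03-01T09:05:12Z event=config_change user=admin src_ip=10.0.5.10 session_id=abc123
2024-03-01T11:42:40Z event=login_success user=admin src_ip=192.168.40.77 session_id=abc123
2024-03-01T11:43:02Z event=config_change user=admin src_ip=192.168.40.77 session_id=abc123
2024-03-01T12:00:00Z event=login_success user=guest src_ip=10.0.5.11 session_id=zzz999
"""

ADMIN_NETS = [ip_network("10.0.5.0/24")]  # assumed administration network
KV = re.compile(r"(\w+)=(\S+)")

def parse(line):
    """Return the key=value fields of one log line as a dict."""
    return dict(KV.findall(line))

def analyze(log_text, admin_nets=ADMIN_NETS):
    """Return (sessions seen from more than one IP, config changes from outside admin_nets)."""
    ips_by_session = defaultdict(set)
    offnet = []
    for line in log_text.splitlines():
        rec = parse(line)
        if not {"event", "src_ip", "session_id"} <= rec.keys():
            continue  # skip lines missing the fields we correlate on
        try:
            ip = ip_address(rec["src_ip"])
        except ValueError:
            continue  # skip malformed addresses instead of aborting the run
        ips_by_session[rec["session_id"]].add(str(ip))
        if rec["event"] == "config_change" and not any(ip in n for n in admin_nets):
            offnet.append((rec.get("user"), str(ip), rec["session_id"]))
    reused = {s: sorted(ips) for s, ips in ips_by_session.items() if len(ips) > 1}
    return reused, offnet

if __name__ == "__main__":
    reused, offnet = analyze(SAMPLE_LOG)
    for sid, ips in reused.items():
        print(f"session {sid} seen from {len(ips)} addresses: {', '.join(ips)}")
    for user, ip, sid in offnet:
        print(f"config change by {user} from non-admin address {ip} (session {sid})")
```

Because the cookie is static across logins, a repeated session ID alone is expected on a vulnerable device; the signal is the same ID arriving from more than one source address, especially one outside the administration network.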