CVE-2024-25734 – This vulnerability allows remote attackers to e... (How to Fix)

Q: What is the severity of CVE-2024-25734?

CVE-2024-25734 has a CVSS score of 7.5 (HIGH). This vulnerability allows remote attackers to enumerate valid user accounts on WyreStorm Apollo VX20 devices by observing TELNET service behavior. The service only prompts for a password after receiving a valid username, making it possible to identify existing accounts through brute-force or dictionary attacks. This affects all WyreStorm Apollo VX20 devices running firmware versions before 1.3.58.

📋 TL;DR

This vulnerability allows remote attackers to enumerate valid user accounts on WyreStorm Apollo VX20 devices by observing TELNET service behavior. The service only prompts for a password after receiving a valid username, making it possible to identify existing accounts through brute-force or dictionary attacks. This affects all WyreStorm Apollo VX20 devices running firmware versions before 1.3.58.

💻 Affected Systems

Products:

WyreStorm Apollo VX20

Versions: All versions before 1.3.58

Operating Systems: Embedded firmware

Default Config Vulnerable: ⚠️ Yes

Notes: The TELNET service appears to be enabled by default on affected devices.

📦 What is this software?

Apollo Vx20 Firmware by Wyrestorm

View all CVEs affecting Apollo Vx20 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could enumerate all valid user accounts, then use credential stuffing or brute-force attacks to gain unauthorized access, potentially leading to full device compromise and network infiltration.

🟠

Likely Case

Attackers will enumerate valid usernames, increasing the efficiency of subsequent password attacks and potentially gaining administrative access to the device.

🟢

If Mitigated

With proper network segmentation and access controls, the impact is limited to information disclosure about valid usernames without leading to system compromise.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

The vulnerability is simple to exploit using standard TELNET clients and username enumeration scripts. Public exploit details are available in the referenced disclosures.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.3.58

Vendor Advisory: Not provided in references

Restart Required: Yes

Instructions:

1. Download firmware version 1.3.58 from WyreStorm support portal. 2. Upload firmware to device via web interface. 3. Apply update and restart device. 4. Verify firmware version shows 1.3.58.

🔧 Temporary Workarounds

Disable TELNET Service

all

Disable the TELNET service entirely if not required for operations

Access device web interface > Services > Disable TELNET

Network Access Control

all

Restrict TELNET access to trusted IP addresses only

Configure firewall rules to block port 23 from untrusted networks

🧯 If You Can't Patch

Implement strict network segmentation to isolate affected devices from untrusted networks
Enable logging and monitoring of TELNET authentication attempts for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Connect to device TELNET service (port 23) and attempt username enumeration by observing whether password prompt appears only after valid usernames

Check Version:

Check device web interface or use SNMP query to verify firmware version is 1.3.58 or higher

Verify Fix Applied:

After patching, verify that TELNET service no longer reveals valid usernames through differential response behavior

📡 Detection & Monitoring

Log Indicators:

Multiple failed TELNET authentication attempts with different usernames
Successful username enumeration patterns

Network Indicators:

Unusual TELNET traffic from external IPs
Rapid sequential TELNET connection attempts

SIEM Query:

source_port:23 AND (event_type:authentication_failure OR event_type:connection_attempt) | stats count by src_ip

📊 Metadata

CVE ID: CVE-2024-25734

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-200

Published: March 27, 2024

Last Updated: November 4, 2025

🔗 References

http://packetstormsecurity.com/files/177081 Exploit,VDB Entry
https://hyp3rlinx.altervista.org Third Party Advisory
http://packetstormsecurity.com/files/177081 Exploit,VDB Entry
http://seclists.org/fulldisclosure/2024/Feb/9
https://hyp3rlinx.altervista.org Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-25734, you might also want to check these: