CVE-2024-36443
📋 TL;DR
Swissphone DiCal-RED 4009 devices have an anonymous FTP service that allows remote attackers to read almost the entire file system without authentication. This affects organizations using these radio data modules for emergency communications. The vulnerability exposes sensitive configuration and operational data.
💻 Affected Systems
- Swissphone DiCal-RED 4009
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of device configuration, exposure of sensitive operational data, potential credential harvesting, and foothold for further attacks on connected systems.
Likely Case
Unauthorized access to configuration files, exposure of device settings, and potential collection of operational data that could aid in reconnaissance for further attacks.
If Mitigated
Limited exposure if FTP service is disabled or properly secured, with only minimal information leakage from accessible files.
🎯 Exploit Status
Exploitation requires only standard FTP client tools. The advisory includes a demonstration of file system access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not available
Vendor Advisory: https://www.swissphone.com/en-us/solutions/components/terminals/radio-data-module-dical-red/
Restart Required: No
Instructions:
No official patch is available. Disable anonymous FTP access via the device configuration interface.
🔧 Temporary Workarounds
Disable Anonymous FTP
Configure the FTP service to require authentication, or disable FTP entirely if it is not needed.
Network Segmentation
Isolate DiCal-RED devices in separate network segments with strict firewall rules.
🧯 If You Can't Patch
- Implement strict network access controls to limit FTP access to trusted IP addresses only
- Monitor FTP logs for unauthorized access attempts and file listing activities
🔍 How to Verify
Check if Vulnerable:
Attempt an anonymous FTP connection to port 21 on the device and try to list directory contents.
Check Version:
Check the device firmware version via the web interface or console.
Verify Fix Applied:
Verify FTP service requires authentication or is disabled. Test that anonymous access no longer works.
📡 Detection & Monitoring
Log Indicators:
- Anonymous FTP login attempts
- FTP directory listing commands
- File download attempts from unusual locations
Network Indicators:
- FTP connections from unauthorized IP addresses
- FTP traffic patterns indicating file enumeration
SIEM Query:
source="ftp.log" AND (user="anonymous" OR user="ftp") AND action="LIST"
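The SIEM query above, carried out as a standalone detection routine over FTP log lines. This is an added example, not code from the advisory or from Swissphone; the key=value log format, the field names and the sample lines are constructed assumptions, since the page does not document the device's actual FTP log format. Beyond the query itself, it also flags a source that issues several LIST commands within a short window, which is the "file enumeration" pattern named under Network Indicators.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample FTP log (key=value fields chosen to match the SIEM query above;
# not real DiCal-RED output). 192.0.2.10 enumerates and downloads as anonymous.
SAMPLE_FTP_LOG = """\
ts=2024-06-01T10:00:01Z src=192.0.2.10 user=anonymous action=LOGIN result=ok
ts=2024-06-01T10:00:02Z src=192.0.2.10 user=anonymous action=LIST path=/
ts=2024-06-01T10:00:03Z src=192.0.2.10 user=anonymous action=LIST path=/etc
ts=2024-06-01T10:00:04Z src=192.0.2.10 user=anonymous action=LIST path=/var
ts=2024-06-01T10:00:05Z src=192.0.2.10 user=anonymous action=RETR path=/etc/config.xml
ts=2024-06-01T10:05:00Z src=198.51.100.7 user=operator action=LOGIN result=ok
ts=2024-06-01T10:05:01Z src=198.51.100.7 user=operator action=LIST path=/
ts=2024-06-01T10:06:00Z src=203.0.113.5 user=ftp action=LOGIN result=ok
ts=2024-06-01T10:06:01Z src=203.0.113.5 user=ftp action=LIST path=/
"""

ANON_USERS = {"anonymous", "ftp"}          # same users the SIEM query matches
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value or key="quoted value"

def parse_line(line):
    """Turn one key=value log line into a dict (quotes stripped)."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}

def find_anonymous_activity(log_text, enum_threshold=3, window=timedelta(minutes=1)):
    """Return (findings, alerts). findings lists every anonymous LOGIN/LIST/RETR
    event; alerts lists sources with >= enum_threshold LISTs inside `window`."""
    findings, lists_by_src = [], defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev.get("user") not in ANON_USERS:     # authenticated users are not in scope
            continue
        ts = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        src, action = ev.get("src", "?"), ev.get("action")
        if action == "LOGIN":
            findings.append(("anon_login", src, ev["user"]))
        elif action == "LIST":
            findings.append(("anon_list", src, ev.get("path", "")))
            lists_by_src[src].append(ts)
        elif action == "RETR":
            findings.append(("anon_download", src, ev.get("path", "")))
    alerts = []
    for src, times in lists_by_src.items():
        times.sort()
        for i in range(len(times)):              # sliding window over LIST timestamps
            j = i
            while j < len(times) and times[j] - times[i] <= window:
                j += 1
            if j - i >= enum_threshold:
                alerts.append(("enumeration", src, j - i))
                break
    return findings, alerts
```

On the sample log the routine reports one enumeration alert for 192.0.2.10 and an anonymous download of /etc/config.xml, while the authenticated operator session produces nothing.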