CVE-2024-36445
📋 TL;DR
CVE-2024-36445 allows remote attackers to gain a root shell on Swissphone DiCal-RED 4009 devices via an unauthenticated TELNET service. This affects organizations using these radio data modules for emergency communications. Attackers can fully compromise devices without any credentials.
💻 Affected Systems
- Swissphone DiCal-RED 4009
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete device takeover allowing attackers to intercept/modify emergency communications, deploy ransomware, or use devices as footholds into critical networks.
Likely Case
Attackers gain persistent backdoor access to monitor communications, disrupt emergency services, or pivot to other network systems.
If Mitigated
If TELNET is disabled and the devices are isolated, impact is limited to denial of service, and only where attackers can still reach the devices.
🎯 Exploit Status
Simple TELNET connection without credentials provides root shell. Public exploit code exists in advisory references.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check with Swissphone for specific firmware version
Vendor Advisory: https://www.swissphone.com/en-us/solutions/components/terminals/radio-data-module-dical-red/
Restart Required: Yes
Instructions:
1. Contact Swissphone for the latest firmware.
2. Back up the device configuration.
3. Apply the firmware update via the management interface.
4. Verify that the TELNET service is disabled post-update.
🔧 Temporary Workarounds
Disable TELNET service (Linux)
Immediately disable the TELNET service on all devices:
- Check whether a telnetd process is running (on affected devices it is launched as: telnetd -l /bin/sh -p 23)
- killall telnetd
- Remove telnetd from startup
Network segmentation (all platforms)
Isolate DiCal-RED devices in a separate VLAN with strict firewall rules
🧯 If You Can't Patch
- Immediately disable TELNET service on all devices and block port 23 at network perimeter
- Implement strict network segmentation and monitor for any TELNET connection attempts
🔍 How to Verify
Check if Vulnerable:
Attempt a TELNET connection to the device on port 23 without credentials. If you get a root shell prompt, the device is vulnerable.
Check Version:
Check device web interface or contact Swissphone for version verification
Verify Fix Applied:
Verify that the TELNET service is not running (port 23 closed) and that a connection attempt fails. Check that the firmware version matches the patched release.
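The "Verify Fix Applied" step above can be scripted for a fleet of devices. The following is an added example, not code from the original advisory or from Swissphone: it only tests whether TCP/23 accepts a connection on each device (and never sends credentials or commands), reporting "open", "closed" or "filtered". The device list is a constructed placeholder; substitute your own inventory.

```python
"""Post-mitigation check for CVE-2024-36445: confirm TCP/23 is closed on
each DiCal-RED device.

Added example, not from the original advisory. It performs a plain TCP
connect and closes immediately; it never interacts with the service.
"""
import socket

TELNET_PORT = 23

# Constructed placeholder inventory; replace with your DiCal-RED addresses.
DICAL_RED_IPS = ["10.20.30.11", "10.20.30.12"]


def telnet_port_state(host, port=TELNET_PORT, timeout=3.0):
    """Return 'open' if host:port completes a TCP handshake, 'closed' if the
    host actively refuses, or 'filtered' for timeouts and routing errors."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # includes socket.timeout / TimeoutError, no route, etc.
        return "filtered"


def verify_devices(hosts, port=TELNET_PORT, timeout=3.0):
    """Map each host to its TELNET port state."""
    return {host: telnet_port_state(host, port, timeout) for host in hosts}


def all_mitigated(results):
    """The fix is confirmed only when no device still has port 23 open.
    'filtered' counts as mitigated (blocked by segmentation/firewall), but
    it should still be re-checked from inside the device VLAN."""
    return all(state != "open" for state in results.values())


if __name__ == "__main__":
    results = verify_devices(DICAL_RED_IPS)
    for host, state in results.items():
        print(f"{host}: port {TELNET_PORT} {state}")
    print("all devices mitigated" if all_mitigated(results)
          else "WARNING: at least one device still exposes TELNET")
```

Run it once from the management network and once from the device VLAN itself: a "filtered" result from outside only proves the firewall rule, while "closed" from inside proves the service is actually gone.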
📡 Detection & Monitoring
Log Indicators:
- TELNET connection logs showing successful connections without authentication
- Root shell activity from unexpected sources
Network Indicators:
- Outbound connections from DiCal-RED devices to suspicious IPs
- Port 23 traffic to/from these devices
SIEM Query:
source_ip IN (DiCal-RED_IPs) AND dest_port=23 AND auth_result=success
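The SIEM pseudo-query above can be expressed as concrete detection logic. The following is an added example, not code from the original advisory or from Swissphone; it assumes a generic key=value firewall/flow log format, a constructed device inventory (DICAL_RED_IPS) and a constructed allow-list of management peers (ALLOWED_PEERS). It goes slightly beyond the query: besides accepted and blocked TELNET connections to the devices, it also flags unexpected outbound connections from them, covering the "outbound connections to suspicious IPs" indicator.

```python
"""Detection helper for CVE-2024-36445: flag TELNET (TCP/23) activity
involving DiCal-RED devices, plus unexpected outbound connections from them.

Added example, not code from the original advisory or from Swissphone.
Assumptions: a generic key=value firewall/flow log format, a constructed
device inventory, and a constructed allow-list of management peers.
"""
import re
from dataclasses import dataclass

TELNET_PORT = 23

# Constructed inventory of DiCal-RED device addresses (placeholder values).
DICAL_RED_IPS = {"10.20.30.11", "10.20.30.12"}

# Constructed allow-list: peers a device may legitimately talk to
# (e.g. the management host); any other outbound destination is suspicious.
ALLOWED_PEERS = {"192.168.5.7"}

# Constructed sample log lines in a generic key=value flow-log style.
SAMPLE_LOG = """\
2024-06-01T08:00:01Z action=accept src=192.168.5.7 dst=10.20.30.11 dport=23 proto=tcp
2024-06-01T08:00:05Z action=accept src=10.20.30.11 dst=203.0.113.9 dport=443 proto=tcp
2024-06-01T08:01:10Z action=deny src=198.51.100.4 dst=10.20.30.12 dport=23 proto=tcp
2024-06-01T08:02:00Z action=accept src=192.168.5.7 dst=10.20.30.99 dport=23 proto=tcp
2024-06-01T08:03:00Z action=accept src=10.20.30.12 dst=10.20.30.11 dport=23 proto=tcp
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+action=(?P<action>\w+)\s+src=(?P<src>\S+)\s+"
    r"dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)"
)


@dataclass(frozen=True)
class Alert:
    ts: str
    src: str
    dst: str
    dport: int
    severity: str
    reason: str


def classify(line, devices=DICAL_RED_IPS, allowed=ALLOWED_PEERS):
    """Return an Alert for one log line, or None when nothing is suspicious."""
    m = LINE_RE.match(line)
    if not m:
        return None  # unparsable or unrelated line
    ts, action, src, dst = m["ts"], m["action"], m["src"], m["dst"]
    dport = int(m["dport"])

    # Rule 1: any TELNET connection towards a DiCal-RED device. An accepted
    # session is critical because the service hands out a root shell without
    # credentials; a blocked attempt still shows someone probing for it.
    if dport == TELNET_PORT and dst in devices:
        if action == "accept":
            return Alert(ts, src, dst, dport, "high",
                         "accepted TELNET session to DiCal-RED device")
        return Alert(ts, src, dst, dport, "low",
                     "blocked TELNET attempt against DiCal-RED device")

    # Rule 2: a device opening connections to anything outside the allow-list,
    # which may be a compromised unit pivoting or beaconing out.
    if (src in devices and action == "accept"
            and dst not in devices and dst not in allowed):
        return Alert(ts, src, dst, dport, "medium",
                     "unexpected outbound connection from DiCal-RED device")
    return None


def scan(log_text, devices=DICAL_RED_IPS, allowed=ALLOWED_PEERS):
    """Run classify() over every line and return the alerts in log order."""
    alerts = []
    for line in log_text.splitlines():
        alert = classify(line, devices, allowed)
        if alert is not None:
            alerts.append(alert)
    return alerts


def summarize(alerts):
    """Count alerts per severity, e.g. {'high': 2, 'medium': 1, 'low': 1}."""
    counts = {}
    for a in alerts:
        counts[a.severity] = counts.get(a.severity, 0) + 1
    return counts


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for a in found:
        print(f"{a.ts} [{a.severity}] {a.src} -> {a.dst}:{a.dport} {a.reason}")
    print(summarize(found))
```

On the constructed sample, the management host's accepted TELNET session and the device-to-device TELNET session both rate "high" (the latter is a device reaching another device's root shell, i.e. lateral movement), the blocked probe from 198.51.100.4 rates "low", and the device's outbound HTTPS to an unlisted address rates "medium"; the connection to 10.20.30.99 is ignored because that address is not in the inventory.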