CVE-2024-37016

6.8 MEDIUM

Authentication Bypass

📋 TL;DR

This vulnerability allows attackers to bypass authentication on Mengshen Wireless Door Alarm M70 devices by capturing and replaying network traffic. Attackers can gain unauthorized access to the alarm system without valid credentials. This affects all users of the M70 model manufactured before May 24, 2024.

💻 Affected Systems

Products:

• Mengshen Wireless Door Alarm M70

Versions: All versions before 2024-05-24

Operating Systems: Embedded firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All devices with default configuration are vulnerable. No special configuration required for exploitation.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

1. Review the CVE details at NVD
2. Check vendor security advisories for your specific version
3. Test if the vulnerability is exploitable in your environment
4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain full control of the alarm system, disable security features, manipulate door states, and potentially access connected systems.

🟠

Likely Case

Unauthorized users bypass door security, gain physical access to secured areas, or disable alarm notifications.

🟢

If Mitigated

With proper network segmentation and monitoring, impact is limited to isolated alarm systems with no lateral movement.

🌐 Internet-Facing: HIGH - If devices are exposed to the internet, attackers can remotely bypass authentication from anywhere.

🏢 Internal Only: MEDIUM - Attackers on the local network can exploit this, but requires network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires network access to capture authentication traffic, then replaying it. No authentication needed to initiate attack.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No vendor advisory found

Restart Required: No

Instructions:

No official patch available. Contact Mengshen for firmware updates or replacement options.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate alarm system on separate VLAN with strict access controls

Disable Remote Access

all

Remove internet exposure and restrict to local network only

🧯 If You Can't Patch

• Physically isolate the alarm system network from other systems
• Implement network monitoring for replay attack patterns and authentication anomalies

🔍 How to Verify

Check if Vulnerable:

Copy

Check device manufacturing date or firmware version. If before 2024-05-24, assume vulnerable.

Check Version:

Copy

Check device label for manufacturing date or access device interface for firmware version

Verify Fix Applied:

Copy

Test authentication bypass by attempting replay attack with captured traffic. If authentication still required, fix may be applied.

📡 Detection & Monitoring

Log Indicators:

• Repeated authentication attempts from same source with identical timing patterns
• Successful authentication from previously unknown MAC addresses

Network Indicators:

• Identical authentication packets repeated within short timeframes
• Authentication traffic from unexpected network segments

SIEM Query:

Copy

source_ip=alarm_device AND (packet_size=identical_value WITHIN 5s) OR auth_success FROM new_mac

📊 Metadata

CVE ID: CVE-2024-37016

CVSS v3 Score: 6.8 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-294

Published: July 15, 2024

Last Updated: November 21, 2024

🔗 References

• https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-045.txt
• https://www.syss.de/pentest-blog/
• https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-045.txt
• https://www.syss.de/pentest-blog/

📤 Share & Export

Twitter LinkedIn Reddit Copy Link

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-37016, you might also want to check these:

CVE-2025-49752 10.0

CVE-2025-49752 is an elevation of privilege vulnerability in Azure Bastion that allows authenticated...

Same vulnerability type (CWE-294)

CVE-2022-29334 9.8

CVE-2022-29334 is an authentication bypass vulnerability in H v1.0 that allows attackers to gain una...

Same vulnerability type (CWE-294)

CVE-2018-17932 9.8

CVE-2018-17932 affects JUUKO K-800 industrial control devices, allowing attackers to replay commands...

Same vulnerability type (CWE-294)