CVE-2024-44414
📋 TL;DR
This critical vulnerability in FBM_292W-21.03.10V allows remote attackers to execute arbitrary commands on affected devices by manipulating the path parameter in the msp_info.htm file. The vulnerability affects users of WayOS FBM_292W devices running the vulnerable firmware version. Successful exploitation could lead to complete system compromise.
💻 Affected Systems
- WayOS FBM_292W
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise allowing attacker to install persistent backdoors, pivot to internal networks, exfiltrate sensitive data, or render the device inoperable.
Likely Case
Remote code execution leading to device takeover, network reconnaissance, and potential lateral movement within the network.
If Mitigated
Limited impact if network segmentation isolates the device and strict access controls prevent external exploitation.
🎯 Exploit Status
Public proof-of-concept code is available in the GitHub references. The vulnerability requires no authentication and has simple exploitation vectors.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: Unknown
Restart Required: No
Instructions:
No official patch is currently available. Monitor the vendor's security advisories for updates and apply any firmware patches immediately when released.
🔧 Temporary Workarounds
Network Segmentation
Isolate FBM_292W devices from untrusted networks and restrict access to management interfaces
Access Control Lists
Implement strict firewall rules to limit access to the vulnerable web interface
🧯 If You Can't Patch
- Immediately remove affected devices from internet-facing positions
- Implement network monitoring for suspicious command execution attempts on these devices
🔍 How to Verify
Check if Vulnerable:
Check firmware version via web interface or CLI. If version is 21.03.10V, the device is vulnerable.
Check Version:
Check via web interface at System Status > Firmware Version or via CLI if available
Verify Fix Applied:
Verify firmware version has been updated to a version later than 21.03.10V
📡 Detection & Monitoring
Log Indicators:
- Unusual command execution in system logs
- Multiple failed or successful access attempts to msp_info.htm
- Suspicious process creation
Network Indicators:
- Unusual outbound connections from the device
- Traffic patterns indicating command and control activity
- Exploitation attempts targeting the vulnerable endpoint
SIEM Query:
Search for web requests containing 'msp_info.htm' with suspicious path parameters or command injection patterns
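The search described under SIEM Query, written out as a small log filter. This is an added example, not code from the vendor or from this database. It assumes requests to the device are recorded in Common Log Format by a proxy or sensor in front of it, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumption: Common Log Format from a proxy/sensor in front of the device.
REQUEST_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Shell metacharacters that have no place in a filesystem path value.
SHELL_META = re.compile(r'[;&|`$<>\r\n]')

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded values are also inspected."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines):
    """Return (source, status, decoded path value) for flagged msp_info.htm requests."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        url = urlsplit(m["target"])
        if not decode_fully(url.path).lower().endswith("/msp_info.htm"):
            continue
        for pair in url.query.split("&"):
            name, _, raw = pair.partition("=")
            if unquote(name).lower() != "path":
                continue
            value = decode_fully(raw)
            if SHELL_META.search(value):
                hits.append((m["src"], m["status"], value))
    return hits

# Constructed sample lines (documentation IP ranges, placeholder values).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Sep/2024:10:01:02 +0000] "GET /msp_info.htm?path=/tmp HTTP/1.1" 200 512',
    '203.0.113.9 - - [12/Sep/2024:10:01:05 +0000] "GET /msp_info.htm?path=%3Bid HTTP/1.1" 200 87',
    '203.0.113.9 - - [12/Sep/2024:10:01:09 +0000] "GET /msp_info.htm?path=%2560uname%2560 HTTP/1.1" 200 90',
    '192.0.2.44 - - [12/Sep/2024:10:02:00 +0000] "GET /index.htm?path=%3Bid HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for src, status, value in suspicious_requests(SAMPLE_LOG):
        print(f"ALERT src={src} status={status} path={value!r}")
```

A hit with a 200 status from an address outside the management network is the case to triage first, alongside the outbound-connection indicators listed above.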