CVE-2024-46280
📋 TL;DR
PIX-LINK LV-WR22 RE3002-P1-01 firmware version V117.0 has a Telnet service enabled with hardcoded root credentials that cannot be changed. This allows attackers to gain full administrative control of affected routers. All users running this specific firmware version are affected.
💻 Affected Systems
- PIX-LINK LV-WR22 RE3002-P1-01
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of router with ability to intercept/modify all network traffic, install persistent malware, pivot to internal networks, and disable security functions.
Likely Case
Unauthorized administrative access leading to network eavesdropping, DNS hijacking, credential theft, and potential lateral movement.
If Mitigated
Limited impact if Telnet is disabled or network segmentation prevents access to management interface.
🎯 Exploit Status
Exploitation requires only Telnet access with known credentials. No special tools or techniques needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None known
Restart Required: No
Instructions:
No official patch available. Contact vendor for updated firmware or replace affected devices.
🔧 Temporary Workarounds
Disable Telnet Service
(all) Completely disable Telnet access through the router administration interface
Access router web interface > Services > Telnet > Disable
Network Access Control
(linux) Restrict Telnet port 23 access using firewall rules
iptables -A INPUT -p tcp --dport 23 -j DROP
🧯 If You Can't Patch
- Segment affected routers in isolated VLAN with strict firewall rules
- Implement network monitoring for Telnet authentication attempts and block suspicious IPs
🔍 How to Verify
Check if Vulnerable:
Attempt Telnet connection to router on port 23 using known default credentials
Check Version:
Check firmware version in router web interface or via SSH/Telnet banner
Verify Fix Applied:
Verify Telnet service is disabled or credentials no longer work
📡 Detection & Monitoring
Log Indicators:
- Successful Telnet authentication from unexpected sources
- Multiple failed Telnet attempts
Network Indicators:
- Telnet traffic to router management interface
- Unusual outbound connections from router
SIEM Query:
destination_port=23 AND (event_type="authentication_success" OR event_type="connection_established")
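The log indicators above, implemented as an offline check. This is an added example, not part of the original advisory or any vendor tooling; the log layout, the `authentication_failure` event name, the management subnet and the thresholds are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumptions (not from the advisory): management subnet, thresholds, log layout.
MGMT_NET = ipaddress.ip_network("192.0.2.0/28")   # hosts allowed to administer the router
FAIL_THRESHOLD = 3                                # failures that trigger an alert
FAIL_WINDOW = timedelta(seconds=60)               # sliding window for counting failures

# Constructed sample records: "<ISO time> <src_ip> <dst_port> <event_type>"
SAMPLE_LOG = """\
2024-10-01T10:00:00 192.0.2.5 23 authentication_success
2024-10-01T10:01:00 198.51.100.7 23 authentication_failure
2024-10-01T10:01:10 198.51.100.7 23 authentication_failure
2024-10-01T10:01:20 198.51.100.7 23 authentication_failure
2024-10-01T10:01:30 198.51.100.7 23 authentication_success
2024-10-01T10:02:00 203.0.113.9 443 authentication_success
not a log line
"""

def detect(log_text):
    """Return (timestamp, src_ip, reason) alerts for Telnet (port 23) events."""
    alerts, failures = [], defaultdict(deque)
    for line in log_text.splitlines():
        parts = line.split()
        try:
            ts = datetime.fromisoformat(parts[0])
            src = ipaddress.ip_address(parts[1])
            port, event = int(parts[2]), parts[3]
        except (IndexError, ValueError):
            continue  # skip malformed records instead of aborting the scan
        if port != 23:
            continue
        if event == "authentication_success" and src not in MGMT_NET:
            alerts.append((parts[0], str(src), "telnet_login_from_unexpected_source"))
        elif event == "authentication_failure":
            window = failures[src]
            window.append(ts)
            while ts - window[0] > FAIL_WINDOW:
                window.popleft()  # drop failures older than the window
            if len(window) == FAIL_THRESHOLD:  # alert when the threshold is reached
                alerts.append((parts[0], str(src), "repeated_telnet_failures"))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert)
```

A failure burst followed by a success from the same source, as in the sample, is the sequence worth escalating first.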