CVE-2024-47044
📋 TL;DR
Multiple Home Gateway/Hikari Denwa routers from NTT East Corporation are vulnerable to insufficient access restrictions on Device Setting pages. Attackers who discover the router's WAN-side IPv6 address can access configuration pages remotely, potentially modifying settings. Only routers subscribed and used in NTT East Corporation service areas are affected.
💻 Affected Systems
- Home Gateway/Hikari Denwa routers from NTT East Corporation
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attacker gains full administrative access to router, changes network settings, intercepts traffic, or disables security features.
Likely Case
Attacker modifies router settings like DNS, firewall rules, or port forwarding to enable further attacks.
If Mitigated
If IPv6 WAN access is blocked or router uses non-default IPv6 addresses, impact is limited to configuration viewing only.
🎯 Exploit Status
Exploitation requires discovering the router's WAN-side IPv6 address, which may be predictable or discoverable through network scanning.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not specified in references
Vendor Advisory: https://web116.jp/ced/support/news/contents/2024/20240930.html
Restart Required: Yes
Instructions:
1. Check router model and firmware version via admin interface. 2. Visit vendor support pages for firmware updates. 3. Apply firmware update following vendor instructions. 4. Restart router after update.
🔧 Temporary Workarounds
Disable IPv6 WAN Access
allBlock external IPv6 access to router administration interface
Use IPv6 Firewall Rules
allConfigure firewall to deny incoming IPv6 connections to router administration ports
🧯 If You Can't Patch
- Segment router on isolated network segment with strict firewall rules
- Monitor for unauthorized configuration changes and unusual network traffic
🔍 How to Verify
Check if Vulnerable:
Attempt to access router Device Setting page via WAN-side IPv6 address from external networkCheck Version:
Check firmware version in router admin interface under System or About sectionsVerify Fix Applied:
After update, verify Device Setting page is no longer accessible via WAN-side IPv6 address📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to router admin pages from external IPv6 addresses
- Unexpected configuration changes
Network Indicators:
- External IPv6 connections to router administration ports (typically 80, 443, 8080)
SIEM Query:
source_ip IN (external_IPv6_range) AND dest_port IN (80,443,8080) AND dest_ip = router_ip🔗 References
- https://jvn.jp/en/jp/JVN78356367/
- https://web116.jp/ced/support/news/contents/2024/20240930.html
- https://web116.jp/ced/support/version/broadband/500mi/
- https://web116.jp/ced/support/version/broadband/600mi/
- https://web116.jp/ced/support/version/broadband/pr_400mi/
- https://web116.jp/ced/support/version/broadband/rt_400mi/
- https://web116.jp/ced/support/version/broadband/rv_440mi/
