CVE-2024-54763
📋 TL;DR
An unauthenticated access control vulnerability in ipTIME A2004 routers allows attackers to retrieve sensitive information via the /login/hostinfo.cgi endpoint. This affects organizations and individuals using ipTIME A2004 routers with firmware version 12.17.0. Attackers can exploit this without credentials to gather system information.
💻 Affected Systems
- ipTIME A2004
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers obtain complete network topology, device configurations, and potentially credentials, leading to full network compromise and data exfiltration.
Likely Case
Unauthenticated attackers gather sensitive system information including network configurations, connected devices, and potentially administrative details.
If Mitigated
With proper network segmentation and access controls, impact is limited to information disclosure from the router itself.
🎯 Exploit Status
Simple HTTP GET request to vulnerable endpoint. Proof-of-concept available in GitHub repository.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: Unknown
Restart Required: No
Instructions:
1. Check ipTIME website for firmware updates. 2. Download latest firmware. 3. Access router admin panel. 4. Navigate to firmware update section. 5. Upload and apply new firmware. 6. Verify update completed successfully.
🔧 Temporary Workarounds
Block External Access
linuxPrevent external access to router management interface
iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP
Network Segmentation
allIsolate router management interface to trusted network only
🧯 If You Can't Patch
- Implement strict network access controls to limit access to router management interface
- Monitor network traffic for unauthorized access attempts to /login/hostinfo.cgi endpoint
🔍 How to Verify
Check if Vulnerable:
Send HTTP GET request to http://[router-ip]/login/hostinfo.cgi. If it returns sensitive information without authentication, device is vulnerable.Check Version:
Check router web interface or use curl: curl -s http://[router-ip]/ | grep -i firmwareVerify Fix Applied:
After update, attempt same request. Should return authentication error or no sensitive data.📡 Detection & Monitoring
Log Indicators:
- Unauthenticated requests to /login/hostinfo.cgi
- Multiple failed authentication attempts followed by hostinfo access
Network Indicators:
- HTTP GET requests to /login/hostinfo.cgi from untrusted sources
- Unusual traffic patterns to router management interface
SIEM Query:
source="router_logs" AND url="/login/hostinfo.cgi" AND auth_status="failed"