CVE-2024-54764
📋 TL;DR
An unauthenticated access control vulnerability in ipTIME A2004 routers allows attackers to access sensitive information via the /login/hostinfo2.cgi endpoint. This affects users running vulnerable firmware versions, potentially exposing network configuration details without authentication.
💻 Affected Systems
- ipTIME A2004
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could obtain network topology information, connected device details, and potentially use this information for further attacks or reconnaissance.
Likely Case
Unauthenticated attackers can gather sensitive network information about connected devices and configurations.
If Mitigated
With proper network segmentation and access controls, impact is limited to information disclosure within the affected network segment.
🎯 Exploit Status
Simple HTTP request to vulnerable endpoint. Public GitHub repository contains details and likely exploit code.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: Unknown
Restart Required: No
Instructions:
Check vendor website for firmware updates. If available, download and apply through router web interface.
🔧 Temporary Workarounds
Block External Access
allRestrict access to router management interface from external networks
Configure firewall rules to block WAN access to port 80/443
Network Segmentation
allIsolate router management interface to trusted network segment
Use VLANs or separate network for management access
🧯 If You Can't Patch
- Implement strict network access controls to limit who can reach the router management interface
- Monitor network traffic for unauthorized access attempts to /login/hostinfo2.cgi endpoint
🔍 How to Verify
Check if Vulnerable:
Attempt HTTP GET request to http://[router-ip]/login/hostinfo2.cgi without authentication. If it returns sensitive information, device is vulnerable.Check Version:
Check router web interface or use curl: curl -s http://[router-ip]/ | grep -i versionVerify Fix Applied:
After applying any workarounds, repeat the test to confirm endpoint no longer returns sensitive data without authentication.📡 Detection & Monitoring
Log Indicators:
- Unauthenticated access to /login/hostinfo2.cgi in web server logs
- Multiple failed authentication attempts followed by access to hostinfo2.cgi
Network Indicators:
- HTTP GET requests to /login/hostinfo2.cgi from untrusted sources
- Unusual information gathering patterns from external IPs
SIEM Query:
source="router_logs" AND (url="/login/hostinfo2.cgi" AND NOT (user!="" OR auth_success="true"))