CVE-2024-57174

8.1 HIGH

📋 TL;DR

A DNS suffix misconfiguration in Alphion ASEE-1443 routers allows attackers to register an unclaimed domain and redirect traffic to malicious servers. This enables interception of sensitive information from devices using these routers. Organizations using affected Alphion router firmware are vulnerable.

💻 Affected Systems

Products:
  • Alphion ASEE-1443 Router
Versions: Firmware v0.4.H.00.02.15
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running this firmware version are vulnerable in their default configuration.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers intercept all DNS queries and redirect traffic to phishing sites or malware distribution points, potentially compromising credentials, financial data, and internal network communications.

🟠 Likely Case

Attackers capture sensitive information from users accessing services through the router, including login credentials, session tokens, and confidential communications.

🟢 If Mitigated

With proper network segmentation and monitoring, impact is limited to specific devices behind the router, but credential theft remains possible.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires registering the domain and configuring DNS for it, but no authentication is needed once the domain is controlled.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown - check with vendor

Vendor Advisory: Not provided in references

Restart Required: No

Instructions:

  1. Contact Alphion for updated firmware.
  2. Download and verify firmware.
  3. Apply firmware update through router admin interface.
  4. Verify DNS settings are corrected.

🔧 Temporary Workarounds

Manual DNS Configuration

all

Manually configure DNS servers to use trusted providers instead of default settings

Log into router admin interface
Navigate to Network Settings > DNS
Set DNS servers to 8.8.8.8 and 8.8.4.4 or your organization's trusted DNS

🧯 If You Can't Patch

  • Isolate affected routers from sensitive networks
  • Implement DNS monitoring and filtering to detect malicious redirections

🔍 How to Verify

Check if Vulnerable:

Check the router firmware version in the admin interface and verify whether the default DNS suffix configuration is in use.

Check Version:

Check router admin interface under System > Firmware or similar menu

Verify Fix Applied:

Verify firmware version is updated and DNS settings point to legitimate, controlled domains

📡 Detection & Monitoring

Log Indicators:

  • Unusual DNS queries to unfamiliar domains
  • Failed DNS resolution attempts
  • Router configuration changes

Network Indicators:

  • DNS traffic to suspicious domains
  • Unexpected IP address resolutions
  • SSL certificate mismatches for internal services

SIEM Query:

dns.query contains 'suspicious-domain.com' OR dns.response_ip in [malicious_ips]
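
As a more concrete form of the "unusual DNS queries" indicator, the added example below (not part of the original advisory or any vendor tooling) scans resolver logs for search-suffix expansion: the same client asking for a name and, within a few seconds, for that name with extra labels appended. The log format, the function name `find_suffix_leaks` and the suffix `unclaimed-suffix.example` are assumptions made for illustration; the suffix actually configured on a device has to be read from its admin interface.

```python
from collections import defaultdict

# Constructed sample resolver log, one query per line: "<epoch> <client> <qname>".
# Every name and address is a placeholder; the suffix is NOT the one from the CVE.
SAMPLE_LOG = """\
1700000000 192.0.2.10 intranet.corp.example
1700000001 192.0.2.10 intranet.corp.example.unclaimed-suffix.example
1700000005 192.0.2.11 www.vendor.example
1700000006 192.0.2.11 www.vendor.example.unclaimed-suffix.example
1700000009 192.0.2.12 files.corp.example
1700000010 192.0.2.12 nas.files.corp.example
"""

def find_suffix_leaks(log_text, allowed_suffixes=(), window=5):
    """Return {suffix: [(client, base_name), ...]} for queries that look like
    search-list expansion: one client asked for NAME and for NAME.SUFFIX
    within `window` seconds, and SUFFIX is not an approved search domain."""
    allowed = {s.lower().rstrip(".") for s in allowed_suffixes}
    records, seen = [], defaultdict(lambda: defaultdict(list))
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue  # skip malformed lines
        ts, client, qname = int(parts[0]), parts[1], parts[2].lower().rstrip(".")
        records.append((ts, client, qname))
        seen[client][qname].append(ts)
    leaks = defaultdict(set)
    for ts, client, qname in records:
        labels = qname.split(".")
        # Try every split that leaves a candidate suffix of at least two labels.
        for i in range(1, len(labels) - 1):
            base, suffix = ".".join(labels[:i]), ".".join(labels[i:])
            if suffix in allowed:
                continue
            if any(abs(ts - t) <= window for t in seen[client].get(base, ())):
                leaks[suffix].add((client, base))
    return {s: sorted(hits) for s, hits in leaks.items()}

if __name__ == "__main__":
    for suffix, hits in find_suffix_leaks(SAMPLE_LOG).items():
        print(suffix, hits)
```

Any suffix this reports that the organization does not own is a candidate for the misconfiguration described here; pass the domains you do control in `allowed_suffixes` to suppress them.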
