CVE-2024-6142 – A buffer overflow vulnerability in the Actionte... (How to Fix)

Q: What is the severity of CVE-2024-6142?

CVE-2024-6142 has a CVSS score of 8.8 (HIGH). A buffer overflow vulnerability in the Actiontec WCB6200Q router's HTTP server allows network-adjacent attackers to execute arbitrary code without authentication. This affects users of Actiontec WCB6200Q routers with vulnerable firmware. Successful exploitation gives attackers control over the router's HTTP service.

📋 TL;DR

A buffer overflow vulnerability in the Actiontec WCB6200Q router's HTTP server allows network-adjacent attackers to execute arbitrary code without authentication. This affects users of Actiontec WCB6200Q routers with vulnerable firmware. Successful exploitation gives attackers control over the router's HTTP service.

💻 Affected Systems

Products:

Actiontec WCB6200Q

Versions: Specific vulnerable versions not publicly detailed in references; likely affects multiple firmware versions prior to patch

Operating Systems: Embedded Linux (router firmware)

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in default HTTP server configuration; no special configuration required for exploitation

📦 What is this software?

Wcb6200q Firmware by Actiontec

View all CVEs affecting Wcb6200q Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete router compromise allowing attackers to intercept/modify traffic, pivot to internal networks, install persistent malware, or brick the device.

🟠

Likely Case

Router takeover leading to man-in-the-middle attacks, credential theft, network reconnaissance, and potential lateral movement to connected devices.

🟢

If Mitigated

Limited impact if router is isolated from critical networks, though still vulnerable to local network attacks.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

No authentication required, network-adjacent access needed; buffer overflow exploitation typically requires some skill but tools may automate this

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in references; check vendor advisory for specific patched version

Vendor Advisory: Not provided in references; check Actiontec security advisories

Restart Required: Yes

Instructions:

1. Check Actiontec support site for firmware updates
2. Download latest firmware for WCB6200Q
3. Access router admin interface
4. Navigate to firmware update section
5. Upload and apply new firmware
6. Reboot router after update completes

🔧 Temporary Workarounds

Disable HTTP Server

all

Turn off the vulnerable HTTP service if not required

Access router admin interface
Navigate to network/services settings
Disable HTTP server/management interface

Network Segmentation

all

Isolate router from critical network segments

Configure VLANs to separate router traffic
Implement firewall rules to restrict access to router management interface

🧯 If You Can't Patch

Replace router with patched or different model
Implement strict network access controls to limit who can reach the router management interface

🔍 How to Verify

Check if Vulnerable:

Check router firmware version against vendor's patched version list; test with controlled exploit if authorized

Check Version:

Access router web interface and check firmware version in admin/settings page

Verify Fix Applied:

Confirm firmware version matches patched version from vendor; test that HTTP server no longer crashes with malformed requests

📡 Detection & Monitoring

Log Indicators:

HTTP server crashes/restarts
Unusual HTTP requests with long payloads
Multiple failed connection attempts to router management interface

Network Indicators:

Unusual traffic patterns to router HTTP port (typically 80/8080)
Exploit kit signatures targeting this CVE

SIEM Query:

source="router_logs" AND (event="http_server_crash" OR http_uri_length>1000)

📊 Metadata

CVE ID: CVE-2024-6142

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-120

Published: June 19, 2024

Last Updated: November 21, 2024

🔗 References

https://www.zerodayinitiative.com/advisories/ZDI-24-805/ Third Party Advisory,VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-24-805/ Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-6142, you might also want to check these: