CVE-2023-24048 in AC21000 G6
Summary
by MITRE • 12/05/2023
Cross Site Request Forgery (CSRF) vulnerability in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain control of the device via crafted GET request to /man_password.htm.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 10/16/2025
The CVE-2023-24048 vulnerability represents a critical cross site request forgery flaw affecting the Connectize AC21000 G6 device firmware version 641.139.1.1256. This vulnerability exists within the web interface authentication mechanism and specifically targets the /man_password.htm endpoint which handles administrative password management functions. The flaw allows unauthorized attackers to execute malicious requests without proper authorization, potentially enabling full administrative control over the network device. The vulnerability stems from the absence of proper anti-CSRF token validation within the device's web management interface, making it susceptible to exploitation through crafted HTTP GET requests that manipulate administrative functions. This type of vulnerability falls under CWE-352 which specifically addresses Cross-Site Request Forgery weaknesses in web applications and systems. The ATT&CK framework categorizes this as a privilege escalation technique under the T1068 privilege escalation tactic, where attackers leverage web application vulnerabilities to gain elevated system access.
The technical implementation of this vulnerability exploits the lack of anti-CSRF protection mechanisms within the device's web interface. When an authenticated user visits a malicious website or clicks on a crafted link, the attacker can construct a GET request that targets the vulnerable /man_password.htm endpoint to modify administrative credentials or other sensitive device configurations. The absence of CSRF tokens or other validation mechanisms means that legitimate administrative requests can be spoofed by attackers who craft malicious URLs. This flaw particularly affects devices that rely on session-based authentication without implementing proper request origin validation or token-based protection. The vulnerability is especially concerning because it directly impacts the device's administrative interface, potentially allowing attackers to modify passwords, access sensitive configuration data, or even reset device settings.
The operational impact of CVE-2023-24048 extends beyond simple unauthorized access to potentially enabling complete device compromise. An attacker who successfully exploits this vulnerability could gain persistent administrative access to the Connectize AC21000 G6 device, allowing for ongoing surveillance, network infiltration, or disruption of critical network services. The device's role in network infrastructure management makes this vulnerability particularly dangerous as it could provide attackers with a foothold for lateral movement within the network. The vulnerability also poses risks to network availability and integrity, as attackers could potentially reset device configurations or disable security features. Organizations using this device may face regulatory compliance issues if the device is part of critical infrastructure, as the vulnerability could constitute a security breach under various compliance frameworks including pci dss and nist cybersecurity frameworks. The vulnerability's exploitation requires minimal technical skill, making it accessible to threat actors across different skill levels.
Mitigation strategies for CVE-2023-24048 should prioritize immediate firmware updates from Connectize to address the CSRF implementation flaw. Organizations should implement network segmentation to isolate affected devices and restrict access to administrative interfaces to trusted networks only. Network monitoring solutions should be configured to detect suspicious GET requests targeting the vulnerable endpoint, particularly those originating from untrusted sources. Access controls should be strengthened by implementing multi-factor authentication for administrative interfaces and restricting administrative access to specific IP addresses or ranges. The implementation of web application firewalls can provide additional protection by filtering malicious requests and validating request origins. Regular security assessments should include vulnerability scanning for web interfaces and authentication mechanisms to identify similar CSRF vulnerabilities in other network devices. Organizations should also consider implementing network access controls that prevent direct access to administrative interfaces from external networks, reducing the attack surface for this particular vulnerability. The remediation process should include thorough testing of firmware updates to ensure that the CSRF protection mechanisms are properly implemented without introducing new vulnerabilities.