CVE-2023-24052 in AC21000 G6info

Summary

by MITRE • 12/05/2023

An issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain control of the device via the change password functionality as it does not prompt for the current password.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 10/17/2025

The vulnerability identified as CVE-2023-24052 affects the Connectize AC21000 G6 router firmware version 641.139.1.1256, presenting a critical security flaw in the device's authentication mechanism. This issue resides within the password change functionality of the web-based administration interface, where the system fails to require verification of the existing password before allowing a password modification. The flaw represents a significant weakness in the principle of least privilege and authentication controls, as it enables unauthorized users to assume administrative control of the device without proper authorization.

This vulnerability directly maps to CWE-305 authentication bypass, specifically CWE-305-1 which describes authentication mechanisms that do not properly verify the current password before allowing changes. The technical implementation flaw occurs in the web application layer where the password change endpoint lacks proper input validation and authentication checks. When an attacker accesses the change password function, the system accepts new password parameters without requiring the current password to be verified first, creating a direct path to privilege escalation. The absence of this validation step violates fundamental security practices and creates an attack surface that can be exploited by anyone with access to the device's administrative interface.

The operational impact of this vulnerability is severe as it allows attackers to completely compromise the affected router. Once an attacker gains access to the administrative interface, they can modify network configurations, disable security features, redirect traffic through malicious proxies, and potentially establish backdoors for persistent access. The vulnerability can be exploited remotely if the administrative interface is accessible from external networks, making it particularly dangerous for enterprise environments where network segmentation may not be properly implemented. This flaw enables attackers to perform actions such as changing DNS settings, modifying firewall rules, creating new user accounts, and accessing sensitive network information that would normally require legitimate administrative credentials.

The attack vector for this vulnerability is straightforward and can be executed through a web browser interface without requiring specialized tools or deep technical knowledge. An attacker needs only access to the router's web interface to exploit this flaw, making it particularly dangerous in environments where administrative interfaces are exposed to untrusted networks. This vulnerability aligns with ATT&CK technique T1078.004 which describes legitimate credentials being used to access systems, and T1566.002 which covers spearphishing with a malicious attachment or link targeting network infrastructure devices. Organizations should implement immediate mitigations including disabling remote administrative access, changing default credentials, and applying firmware updates when available. Network segmentation should be enforced to prevent unauthorized access to administrative interfaces, and regular security audits should be conducted to identify similar authentication bypass vulnerabilities in other network devices.

The broader implications of this vulnerability extend beyond the immediate device compromise, as compromised routers can serve as launching points for lateral movement within networks. Attackers can use the compromised device as a pivot point to access internal network resources, potentially leading to more extensive breaches. The vulnerability also highlights the importance of proper authentication design in network infrastructure devices, where the lack of proper session management and credential verification can have cascading security implications. Organizations should consider implementing additional security controls such as multi-factor authentication for administrative access, regular firmware updates, and network monitoring to detect unauthorized access attempts to administrative interfaces.

Reservation

01/21/2023

Disclosure

12/05/2023

Moderation

accepted

CPE

ready

EPSS

0.00726

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!