CVE-2024-47045 in Hikari Denwa router RT-400MI
Summary
by MITRE • 09/26/2024
User interface (UI) misrepresentation of critical information issue exists in multiple Home GateWay/Hikari Denwa routers provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION. If this vulnerability is exploited, an attacker who identified the WAN-side IPv6 address may access the product's Device Setting page via WAN-side. Note that affected products are also provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION, but the vulnerability only affects products subscribed and used in NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION areas.
Analysis
by VulDB Data Team • 03/09/2025
This vulnerability represents a critical user interface misrepresentation flaw in Home GateWay/Hikari Denwa routers manufactured by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION. The issue stems from improper access control mechanisms that allow unauthorized remote access to administrative functions through the WAN interface. Specifically, when an attacker obtains knowledge of the WAN-side IPv6 address, they can directly access the device's configuration page without proper authentication, creating a significant security risk that bypasses normal network segmentation controls. This misrepresentation occurs because the router's web interface fails to properly validate network boundaries and authentication credentials before granting access to sensitive administrative functions.
The technical implementation of this vulnerability involves a failure in the router's access control logic where the device does not adequately distinguish between internal and external network requests. The flaw manifests in the web server component of the router firmware, which processes incoming requests without sufficient validation of the source address or authentication status. This creates a condition where legitimate administrative access controls are circumvented, allowing remote attackers to gain access to device configuration interfaces that should only be accessible from within the local network. The vulnerability specifically affects IPv6-enabled interfaces and demonstrates a classic case of insufficient authorization checks, which aligns with CWE-639 vulnerability classification related to authorization failures.
From an operational impact perspective, this vulnerability enables remote attackers to perform complete device compromise operations without requiring physical access or local network credentials. The affected routers provide internet connectivity services to residential and small business customers, making them attractive targets for attackers seeking to establish persistent access points or conduct network reconnaissance. The vulnerability's scope is limited to equipment subscribed and used in NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION areas, suggesting a regional deployment pattern that may affect thousands of devices. This creates a significant risk for potential lateral movement within networks and could enable attackers to gain insights into customer network configurations, potentially leading to more sophisticated attacks.
The attack vector for this vulnerability operates through the WAN-side IPv6 interface, where an attacker with knowledge of the target device's external IPv6 address can directly access the router's administrative web interface. This represents a clear violation of the principle of least privilege and network segmentation, as the device fails to properly enforce access controls based on network boundaries. The vulnerability creates a persistent threat vector that remains active as long as the affected IPv6 address remains accessible, potentially allowing attackers to maintain access even after initial exploitation. This aligns with ATT&CK technique T1071.001 for application layer protocol usage and T1046 for network service scanning, as attackers can systematically identify and exploit vulnerable devices.
Mitigation strategies should focus on implementing proper network segmentation controls, including disabling unnecessary WAN-side administrative access, configuring firewalls to restrict access to administrative interfaces, and ensuring that IPv6 addresses are properly managed and secured. Network administrators should implement strict access control lists that limit administrative access to trusted internal networks only, while also considering the deployment of network intrusion detection systems to monitor for suspicious access patterns. Device firmware updates should be prioritized to address the underlying access control implementation flaws, and organizations should consider implementing network monitoring solutions that can detect unauthorized access attempts to administrative interfaces. Additionally, regular vulnerability assessments should be conducted to identify similar misconfigurations in other network devices, as this vulnerability demonstrates a pattern of inadequate authorization controls that may exist in other components of the network infrastructure. The affected equipment should be reconfigured to disable remote administrative access where possible, and network administrators should establish procedures for monitoring and validating network access controls on a regular basis to prevent similar issues from arising in other devices.
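The monitoring step described above can be sketched as a check over firewall or flow logs for connections to the router's management interface from outside the LAN. This is an added example, not code from VulDB or the vendor; the log format, the function name, the admin ports (80/443) and all addresses (taken from the 2001:db8::/32 documentation range) are assumptions.

```python
import ipaddress
import re

# Constructed sample flow-log lines (hypothetical format, not from any NTT device).
SAMPLE_LOG = """\
2024-09-27T03:14:07Z src=2001:db8:aa00:1::25 dst=2001:db8:aa00:1::1 dport=80 action=accept
2024-09-27T03:15:42Z src=2001:db8:ffff:9::77 dst=2001:db8:aa00:1::1 dport=80 action=accept
2024-09-27T03:15:50Z src=fe80::1c2d:3eff:fe4f:5a6b dst=fe80::1 dport=80 action=accept
2024-09-27T03:16:01Z src=2001:db8:ffff:9::77 dst=2001:db8:aa00:1::1 dport=443 action=drop
2024-09-27T03:16:09Z src=2001:db8:ffff:9::77 dst=2001:db8:aa00:1::80 dport=80 action=accept
2024-09-27T03:17:30Z src=not-an-address dst=2001:db8:aa00:1::1 dport=80 action=accept
"""

LINE_RE = re.compile(r"^(\S+) src=(\S+) dst=(\S+) dport=(\d+) action=(\w+)$")


def find_wan_admin_access(log_text, router_addrs, lan_prefixes, admin_ports=(80, 443)):
    """Return connections to the router's admin ports whose source is not on the LAN.

    router_addrs: addresses the router answers on (assumed known to the operator).
    lan_prefixes: prefixes delegated to the LAN; link-local sources are always internal.
    """
    routers = {ipaddress.ip_address(a) for a in router_addrs}
    lans = [ipaddress.ip_network(p) for p in lan_prefixes]
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, src, dst, dport, action = m.groups()
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue  # malformed address field: skip the line instead of failing
        if dst_ip not in routers or int(dport) not in admin_ports:
            continue  # not traffic to the management interface
        internal = src_ip.is_link_local or any(
            src_ip.version == n.version and src_ip in n for n in lans)
        if not internal:
            # "accept" means the request reached the device; "drop" means a
            # filter stopped it, which is the state the mitigation aims for.
            findings.append({"time": ts, "src": str(src_ip), "dport": int(dport),
                             "reached_device": action == "accept"})
    return findings
```

A finding with `reached_device` set to true is the condition the advisory describes: the management interface answered a source outside the LAN.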