CVE-2024-54984 in BG96
Summary
by MITRE • 12/20/2024
An issue in Quectel BG96 BG96MAR02A08M1G allows attackers to bypass authentication via a crafted NAS message.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 06/22/2025
The vulnerability identified as CVE-2024-54984 affects the Quectel BG96 module version BG96MAR02A08M1G and represents a significant authentication bypass flaw within the Network Access Server (NAS) implementation. This issue specifically targets the authentication mechanisms used in cellular network communications, potentially allowing unauthorized access to network resources that should be protected by proper authentication protocols.
The technical flaw manifests through the processing of crafted NAS messages that exploit weaknesses in the authentication validation procedures implemented by the BG96 module. These maliciously constructed messages can manipulate the authentication flow in such a way that legitimate authentication checks are circumvented, enabling attackers to establish network connections without proper credentials. The vulnerability stems from inadequate input validation and insufficient state management within the NAS message processing logic, which fails to properly verify the authenticity and integrity of incoming authentication requests.
The operational impact of this vulnerability extends beyond simple unauthorized access, as it can enable attackers to gain persistent network connectivity and potentially escalate their privileges within the cellular network infrastructure. Organizations relying on Quectel BG96 modules for IoT deployments, industrial communications, or mobile network connectivity may face significant security risks if this vulnerability is exploited. The affected devices could become entry points for broader network attacks, data exfiltration, or service disruption, particularly in scenarios where the modules are used in critical infrastructure applications.
From a cybersecurity perspective, this vulnerability aligns with CWE-287 which addresses improper authentication issues in network protocols, and maps to ATT&CK technique T1078.004 related to valid accounts for lateral movement within network environments. The attack surface is particularly concerning given the widespread deployment of BG96 modules in various industrial and commercial applications. Mitigation strategies should include immediate firmware updates from Quectel, network segmentation to limit the impact of potential exploitation, and implementation of additional monitoring controls to detect anomalous authentication patterns. Organizations should also consider deploying intrusion detection systems specifically configured to identify crafted NAS messages and implement network access controls that limit the scope of potential exploitation.