CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2023-24049

CVSS 9.8v3.1pub. 2023-12-04upd. 2025-05-29

An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges on the device via poor credential management.

🤖 AI Analysis
How it works

The vulnerability results from improper credential management (poor credential management) classified as CWE-521 (weak password requirements) and CWE-1393 (use of default credentials). A remote, unauthenticated attacker can exploit this weakness to obtain elevated privileges on the device. The network attack vector with no authentication requirements (PR:N, UI:N) significantly increases the risk of vulnerability exploitation.

Impact

An attacker can obtain elevated privileges on the device, which in practice means full control over the router, the ability to modify its configuration, intercept network traffic, and compromise the confidentiality, integrity, and availability of data.

Mitigation & patch

Apply patches available from the manufacturer according to the references. Additionally, it is recommended to immediately change the default credentials for device access, restrict access to the management interface to trusted IP addresses only, and isolate the device from the public network.

Who is affected

Connectize AC21000 G6 with firmware version 641.139.1.1256

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Connectize Ac21000 G6

    HW
    Connectize
    wszystkie wersje
  • Connectize Ac21000 G6 Firmware

    OS
    Connectize
    641.139.1.1256
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2023-24051CRITICAL9.8PL ✓ten sam produkt

Brak ograniczenia liczby prób po stronie klienta w Connectize AC21000 G6

CVE-2023-24052CRITICAL9.8PL ✓ten sam produkt

Connectize AC21000 G6 — przejęcie kontroli przez zmianę hasła bez weryfikacji

CVE-2023-24048HIGH8.8ten sam produkt

Cross Site Request Forgery (CSRF) vulnerability in Connectize AC21000 G6 641.139.1.1256 allows attackers to ga...

CVE-2023-24046MEDIUM6.8ten sam produkt

An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to run arbitrary commands via...

CVE-2023-24047MEDIUM6.8ten sam produkt

An Insecure Credential Management issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to...