The vulnerability allows attackers access to the root account without having to authenticate. Specifically, if the device is configured with the IP address of 10.10.10.10, the root user is automatically logged in.
The vulnerability mechanism is based on an error in authentication logic (CWE-305 — Authentication Bypass by Primary Weakness). When a device has IP address 10.10.10.10 configured, the system automatically logs in the user to the root account, bypassing all identity verification procedures. An attacker who has network access to a device configured this way gains full administrative privileges without providing any authentication credentials.
Attacker gains full, unauthorized access to the root account, enabling complete device takeover, configuration modification, data theft, and further network activities (lateral movement).
Apply patches available from the manufacturer according to references (NCSC-2024-0273). Until the fix is deployed, it is recommended to avoid configuring devices with IP address 10.10.10.10 and to restrict network access to vulnerable devices using firewall or network segmentation.
Devices configured with IP address 10.10.10.10 — specific products and versions indicated in manufacturer references (NCSC-2024-0273 advisory)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H