CVE-2023-24049

CVSS 9.8 CRITICALEPSS 0.7%CWE-1393

In short

The Connectize AC21000 G6 device has weak credential management that lets attackers gain elevated privileges and take control of the system. This is critical because attackers can fully compromise the device and access sensitive functions.

Technical detail

CWE-1393 (poor credential management) in Connectize AC21000 G6 firmware 641.139.1.1256 enables privilege escalation. Attackers with network or local access can exploit inadequate credential storage or validation mechanisms to obtain elevated privileges, resulting in complete device compromise.

Summary generated and translated by AI from the official description.

An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges on the device via poor credential management.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://research.nccgroup.com/2023/10/19/technical-advisory-multiple-vulnerabilities-in-connectize-g6-ac2100-dual-band-gigabit-wifi-router-cve-2023-24046-cve-2023-24047-cve-2023-24048-cve-2023-24049-cve-2023-24050-cve-2023-24051-cve/