← back
CVE-2024-54457

CVE-2024-54457

CVSS 7.2 HIGHEPSS 0.4%CWE-1242
In short

A logged-in user can enable telnet service on certain AE1021 devices due to hidden features in the firmware. This is dangerous because telnet transmits data without encryption, exposing sensitive information and device access.

Technical detail

CWE-1242 involves undocumented features (chicken bits) in AE1021 and AE1021PE firmware ≤2.0.10 that permit authenticated users to activate telnet service. An attacker with valid credentials can exploit this to establish unencrypted remote access, potentially leading to credential interception and further system compromise.

Summary generated and translated by AI from the official description.
Inclusion of undocumented features or chicken bits issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware versions 2.0.10 and earlier, which may allow a logged-in user to enable telnet service.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
FXC Inc. · AE1021FXC Inc. · AE1021PE

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://jvn.jp/en/vu/JVNVU91084137/https://www.fxc.jp/news/20241213