CVE-2024-0522: CWE-352 Cross-Site Request Forgery in Allegro RomPager
A vulnerability was found in Allegro RomPager 4.01. It has been classified as problematic. Affected is an unknown function of the file usertable.htm?action=delete of the component HTTP POST Request Handler. The manipulation of the argument username leads to cross-site request forgery. It is possible to launch the attack remotely. Upgrading to version 4.30 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-250692. NOTE: The vendor explains that this is a very old issue that got fixed 20 years ago but without a public disclosure.
AI Analysis
Technical Summary
CVE-2024-0522 is a Cross-Site Request Forgery (CSRF, CWE-352) weakness in Allegro RomPager 4.01, in the HTTP POST handler behind usertable.htm?action=delete. The handler acts on the 'username' parameter of any POST that arrives with the victim's credentials and does not verify that the request was initiated from the device's own web interface, which is what CWE-352 means in practice: nothing in the request (a per-request token, an Origin/Referer check) would let the device tell a forged request from a real one. An attacker who gets an administrator with a live session to load a page they control (a hidden auto-submitting form is enough) can therefore have that administrator's browser delete an account of the attacker's choosing on the device. The attacker needs no credentials of their own; the victim must be authenticated to the device's web interface and must interact with the attacker's content. A general caveat applies to embedded web servers of this generation: where the interface uses HTTP Basic authentication, the browser attaches the cached credentials to cross-site requests as well, so the SameSite cookie defaults of current browsers give no protection. The vendor states that the issue was fixed roughly 20 years ago in later versions but never publicly disclosed. The CVSS v3.1 base score is 4.3 (medium): network attack vector, low attack complexity, no privileges required, user interaction required, integrity impact only, no confidentiality or availability impact. The recommended remediation is to upgrade to RomPager 4.30 or later. No exploitation in the wild has been reported. RomPager is an embedded web server licensed to many router, modem and IoT device vendors, so exposure is inherited through device firmware rather than through software an organization installs itself, and affected devices are reachable to CSRF wherever their web interface is reachable by a user's browser.
Potential Impact
For European organizations the impact depends on whether devices running RomPager 4.01 are present in their estate, which is rarely obvious: RomPager is licensed to device vendors and embedded in router, modem and gateway firmware, so the version in use is set by the device vendor, not by the organization. On an affected device an attacker can use an administrator's browser to delete accounts from the device's user table; the advisory names only the delete handler, but other POST-driven settings are at risk if their handlers share the same lack of origin checks. The CVSS vector records an integrity impact only, yet deleting the account operators use to log in could lock them out of the management interface, so the practical effect can be an administrative outage and a weakened security posture. Devices whose management interface is reachable from networks where administrators also browse the web, whether internally or through remote management portals, are most exposed. The medium rating and the absence of known exploitation call for timely rather than emergency remediation, but legacy customer-premises equipment and unmanaged devices, common across European enterprises and service providers, may never receive a firmware update, which keeps the exposure alive.
Mitigation Recommendations
1. Upgrade all Allegro RomPager instances to version 4.30 or later. Because RomPager ships inside vendor firmware, this usually means obtaining updated firmware from the device vendor; confirm the embedded RomPager version from the device's HTTP Server header or the vendor's release notes rather than assuming the firmware date implies a fix.
2. Where upgrading is not feasible, disable the web management interface, or at minimum any instance reachable from the WAN or from user networks.
3. Use network segmentation and access controls so that management interfaces are reachable only from a management network or jump hosts. Segmentation limits who can be the victim of the forged request (the administrator's browser must be able to reach the device), but it does not stop CSRF from a browser that is already on the trusted network.
4. A forged request is byte-for-byte the same as a legitimate one apart from its Origin/Referer headers, so generic "CSRF signatures" on a WAF or IPS will not catch it. A reverse proxy or WAF placed in front of the device can be configured to reject POSTs to usertable.htm whose Origin or Referer is not the device's own address.
5. Instruct administrators not to browse the web from the browser profile used to manage devices, and to log out or close the browser after administration; where the device uses HTTP Basic authentication, closing the browser is what discards the cached credential.
6. Regularly audit network devices to identify those running RomPager versions below 4.30 and track remediation status.
7. Implement anti-CSRF tokens and Origin/Referer checks if custom web interfaces are built on top of RomPager components.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2024-01-14T16:13:39.063Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 683f034b182aa0cae27e66ac
Added to database: 6/3/2025, 2:14:35 PM
Last enriched: 7/4/2025, 2:55:21 PM
Last updated: 8/11/2025, 4:41:13 AM
Views: 13
Related Threats
CVE-2025-9091: Hard-coded Credentials in Tenda AC20 (Low)
CVE-2025-9090: Command Injection in Tenda AC20 (Medium)
CVE-2025-9092: CWE-400 Uncontrolled Resource Consumption in Legion of the Bouncy Castle Inc. Bouncy Castle for Java - BC-FJA 2.1.0 (Low)
CVE-2025-9089: Stack-based Buffer Overflow in Tenda AC20 (High)
CVE-2025-9088: Stack-based Buffer Overflow in Tenda AC20 (High)