CVE-2024-22773: n/a in n/a
Intelbras Action RF 1200 routers 1.2.2 and earlier and Action RG 1200 routers 2.1.7 and earlier expose the Password in Cookie resulting in Login Bypass.
AI Analysis
Technical Summary
CVE-2024-22773 is a high-severity vulnerability affecting Intelbras Action RF 1200 routers version 1.2.2 and earlier, as well as Action RG 1200 routers version 2.1.7 and earlier. The vulnerability arises from the routers exposing the password within a cookie, which leads to a login bypass. This means that an attacker can potentially gain unauthorized access to the router's administrative interface without needing valid credentials. The vulnerability is classified under CWE-922 (Insecure Storage of Sensitive Information), which covers sensitive data stored without properly limiting read or write access by unauthorized actors. The CVSS 3.1 base score of 8.1 indicates a high impact, with the vector string AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H showing that the attack can be performed remotely over the network without privileges or user interaction, but requires high attack complexity. The impact affects confidentiality, integrity, and availability, as an attacker with access to the router’s admin interface can change configurations, intercept or redirect traffic, and disrupt network services. No patches or official fixes are currently listed, and there are no known exploits in the wild as of the publication date. Given the nature of the vulnerability, it is likely due to insecure handling of authentication cookies, possibly storing passwords or session tokens in an unprotected manner, allowing attackers to bypass authentication mechanisms by replaying or manipulating these cookies.
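An owner can confirm whether a device's own login response exhibits this weakness by checking its Set-Cookie headers for the admin password they configured. The following is an added example, not code from the advisory or from Intelbras; the advisory does not name the cookie or its encoding, so the cookie names, the password and the list of encodings checked are assumptions.

```python
import base64
import binascii
import hashlib
from http.cookies import SimpleCookie
from urllib.parse import unquote


def decoded_views(value):
    """The cookie value as sent, plus every decoding of it that succeeds."""
    views = {"plaintext": value, "url-encoded": unquote(value)}
    try:
        views["base64"] = base64.b64decode(value, validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        pass  # not valid base64
    try:
        views["hex"] = bytes.fromhex(value).decode("utf-8", "replace")
    except ValueError:
        pass  # not a hex string
    return views


def audit_set_cookie(headers, password):
    """Return (cookie name, how it was found) for each cookie carrying the password."""
    # An unsalted digest of the password is replayable, so it counts as exposure.
    digests = {alg: hashlib.new(alg, password.encode()).hexdigest()
               for alg in ("md5", "sha1", "sha256")}
    findings = []
    for header in headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            hit = next((how for how, text in decoded_views(morsel.value).items()
                        if password in text), None)
            if hit is None:
                hit = next((alg for alg, digest in digests.items()
                            if digest in morsel.value.lower()), None)
            if hit:
                findings.append((name, hit))
    return findings


# Constructed sample: a test password and made-up Set-Cookie header values.
ADMIN_PASSWORD = "Adm1n#2024"
SAMPLE_HEADERS = [
    "session_id=9f2c4b7a1e; Path=/; HttpOnly",  # opaque token: acceptable
    "auth=" + base64.b64encode(b"admin:" + ADMIN_PASSWORD.encode()).decode() + "; Path=/",
    "pw=Adm1n%232024; Path=/",
    "tok=" + hashlib.md5(ADMIN_PASSWORD.encode()).hexdigest(),
]
```

Any finding means the cookie is a password equivalent: the admin password should be treated as exposed to anything that can read that cookie, and rotated once the device is isolated or replaced.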
Potential Impact
For European organizations, this vulnerability poses a significant risk, especially for small and medium enterprises or home offices using Intelbras Action RF 1200 or RG 1200 routers. Successful exploitation could lead to unauthorized administrative access to network infrastructure, enabling attackers to intercept sensitive communications, alter network configurations, or launch further attacks within the internal network. This could compromise the confidentiality of corporate data, integrity of network operations, and availability of internet connectivity. Critical infrastructure or organizations relying on these routers for secure communications may face operational disruptions or data breaches. Additionally, since the attack requires no user interaction and can be performed remotely, it increases the risk of widespread exploitation if the devices are exposed to the internet or accessible from less secure network segments.
Mitigation Recommendations
1. Immediate mitigation should include isolating affected routers from direct internet exposure by placing them behind firewalls or VPNs to restrict remote access to the administrative interface.
2. Change default credentials and ensure strong, unique passwords are used to reduce the risk of unauthorized access if the vulnerability is exploited.
3. Monitor network traffic for unusual access patterns or unauthorized login attempts to detect potential exploitation attempts early.
4. If possible, disable remote management features on the routers until a vendor patch is available.
5. Regularly check Intelbras official channels for firmware updates or security advisories addressing this vulnerability and apply patches promptly once released.
6. Consider replacing affected devices with models from vendors with a stronger security track record if immediate patching is not feasible.
7. Implement network segmentation to limit the impact of a compromised router on critical systems.
8. Educate IT staff and users about the risks associated with router vulnerabilities and the importance of secure network device management.
Affected Countries
Portugal, Spain, Italy, France, Germany, Poland, Netherlands, Belgium, Romania, Greece
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2024-01-11T00:00:00.000Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 6842df031a426642debc97d5
Added to database: 6/6/2025, 12:28:51 PM
Last enriched: 7/7/2025, 6:27:24 PM
Last updated: 8/16/2025, 12:35:57 PM