CVE-2024-22773 is a high-severity vulnerability affecting Intelbras Action RF 1200 routers version 1.2.2 and earlier, as well as Action RG 1200 routers version 2.1.7 and earlier. The vulnerability arises from the routers exposing the password within a cookie, which leads to a login bypass. This means that an attacker can potentially gain unauthorized access to the router's administrative interface without needing valid credentials. The vulnerability is classified under CWE-922, which refers to improper control of generation of code or configuration that allows bypassing security controls. The CVSS 3.1 base score of 8.1 indicates a high impact, with the vector string AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H showing that the attack can be performed remotely over the network without privileges or user interaction, but requires high attack complexity. The impact affects confidentiality, integrity, and availability, as an attacker with access to the router’s admin interface can change configurations, intercept or redirect traffic, and disrupt network services. No patches or official fixes are currently listed, and there are no known exploits in the wild as of the publication date. Given the nature of the vulnerability, it is likely due to insecure handling of authentication cookies, possibly storing passwords or session tokens in an unprotected manner, allowing attackers to bypass authentication mechanisms by replaying or manipulating these cookies.

For European organizations, this vulnerability poses a significant risk, especially for small and medium enterprises or home offices using Intelbras Action RF 1200 or RG 1200 routers. Successful exploitation could lead to unauthorized administrative access to network infrastructure, enabling attackers to intercept sensitive communications, alter network configurations, or launch further attacks within the internal network. This could compromise the confidentiality of corporate data, integrity of network operations, and availability of internet connectivity. Critical infrastructure or organizations relying on these routers for secure communications may face operational disruptions or data breaches. Additionally, since the attack requires no user interaction and can be performed remotely, it increases the risk of widespread exploitation if the devices are exposed to the internet or accessible from less secure network segments.

1. Immediate mitigation should include isolating affected routers from direct internet exposure by placing them behind firewalls or VPNs to restrict remote access to the administrative interface. 2. Change default credentials and ensure strong, unique passwords are used to reduce the risk of unauthorized access if the vulnerability is exploited. 3. Monitor network traffic for unusual access patterns or unauthorized login attempts to detect potential exploitation attempts early. 4. If possible, disable remote management features on the routers until a vendor patch is available. 5. Regularly check Intelbras official channels for firmware updates or security advisories addressing this vulnerability and apply patches promptly once released. 6. Consider replacing affected devices with models from vendors with a stronger security track record if immediate patching is not feasible. 7. Implement network segmentation to limit the impact of a compromised router on critical systems. 8. Educate IT staff and users about the risks associated with router vulnerabilities and the importance of secure network device management.