CVE-2024-36445 identifies a critical security vulnerability in the Swissphone DiCal-RED 4009 device, a communication device commonly used in paging and alerting systems. The vulnerability allows an unauthenticated remote attacker to connect to the device via TELNET and obtain a root shell, effectively gaining full control over the device. The root cause is a lack of authentication enforcement on the TELNET service, classified under CWE-306 (Missing Authentication for Critical Function). The CVSS v3.1 base score of 9.8 indicates that the attack vector is network-based (AV:N), requires no privileges (PR:N), no user interaction (UI:N), and impacts confidentiality, integrity, and availability at a high level (C:H/I:H/A:H). This means an attacker can remotely execute arbitrary commands with root privileges, potentially disrupting critical communication services or using the device as a foothold for further network compromise. The vulnerability was reserved in May 2024 and published in August 2024, but no patches or mitigations have been officially released by Swissphone at the time of this report. The absence of authentication on TELNET is a severe security oversight, especially given the sensitive nature of these devices in emergency and industrial communication environments.

The impact of this vulnerability is severe for organizations relying on Swissphone DiCal-RED 4009 devices, particularly in sectors such as emergency services, public safety, utilities, and industrial control systems. An attacker gaining root access can manipulate device configurations, intercept or alter communications, disrupt alerting functions, or pivot to other network assets, potentially causing widespread operational disruption. The compromise of these devices could lead to loss of confidentiality of sensitive communications, integrity violations through unauthorized command execution, and availability issues by disabling or corrupting device functionality. Given the critical role these devices play in alerting and paging systems, exploitation could have life-threatening consequences in emergency response scenarios. The lack of authentication and ease of exploitation make this vulnerability highly attractive to attackers, including nation-state actors and cybercriminals targeting critical infrastructure.

Since no official patches are currently available, organizations should immediately implement network-level mitigations. These include disabling TELNET access to the affected devices or restricting TELNET connections to trusted management networks using firewall rules or network segmentation. Employ VPNs or secure tunnels for remote management instead of TELNET. Monitor network traffic for unusual TELNET connection attempts and implement intrusion detection/prevention systems (IDS/IPS) to alert on or block suspicious activity. If possible, replace or upgrade devices to models with secure management interfaces that enforce authentication. Additionally, conduct thorough audits of device configurations and network architecture to minimize exposure. Establish incident response plans to quickly isolate compromised devices and remediate potential breaches. Engage with Swissphone support for updates and patches as they become available.