CVE-2024-44815 identifies a vulnerability in the Hathway Skyworth Router CM5100 firmware version 4.1.1.24, specifically related to the SPI flash memory chip model W25Q64JV. This vulnerability allows an attacker with physical proximity to the device to extract sensitive user credentials stored within the SPI flash memory. The attack exploits improper protection or encryption of credentials stored in the firmware, categorized under CWE-256 (Plaintext Storage of a Password). The CVSS 3.1 base score is 8.0, indicating high severity, with an attack vector of adjacent network (physical proximity), high attack complexity, no privileges required, no user interaction, and a scope change. The impact is critical on confidentiality (full credential disclosure) and high on availability (potential disruption of device operation), with no impact on integrity. No patches or mitigations have been officially released yet, and no known exploits have been observed in the wild. The vulnerability requires physical access to the router hardware, making remote exploitation infeasible. However, once exploited, attackers can gain credentials that may allow further network compromise or denial of service. This vulnerability highlights the risk of hardware-level attacks on embedded devices where sensitive data is stored insecurely in flash memory.

The primary impact of CVE-2024-44815 is the compromise of user credentials stored on the affected router, which can lead to unauthorized access to the device and potentially the internal network it protects. This can result in loss of confidentiality of network credentials and sensitive configuration data. Additionally, attackers may disrupt network availability by manipulating or disabling the router once credentials are obtained. Organizations relying on the Hathway Skyworth CM5100 routers, especially in environments with physical access risks (e.g., public or semi-public locations), face increased risk of targeted attacks. The vulnerability could facilitate lateral movement within networks or enable attackers to establish persistent footholds. The lack of patches increases exposure duration. Although exploitation requires physical proximity, the severity of impact on confidentiality and availability makes this a significant threat for critical infrastructure, ISPs, and enterprise networks using this hardware.

1. Restrict physical access to all affected routers by deploying them in secure, locked environments to prevent unauthorized hardware tampering. 2. Implement tamper-evident seals or enclosures on router hardware to detect physical intrusion attempts. 3. Monitor network devices for unusual behavior or unauthorized configuration changes that may indicate credential compromise. 4. Regularly audit and rotate credentials used on network devices to limit the window of exposure if credentials are extracted. 5. Engage with the vendor or Hathway support channels to obtain firmware updates or patches addressing this vulnerability as soon as they become available. 6. Consider deploying network segmentation and additional authentication layers to reduce the impact of compromised router credentials. 7. For high-security environments, evaluate replacing vulnerable hardware with models that implement secure credential storage mechanisms such as hardware security modules or encrypted flash memory. 8. Educate staff on the risks of physical access attacks and enforce strict access control policies around network infrastructure.