
CVE-2024-45416: n/a

Severity: High
Published: Mon Sep 16 2024 (09/16/2024, 00:00:00 UTC)
Source: CVE Database V5

Description

CVE-2024-45416 is a high-severity local file inclusion vulnerability in the HTTPD binary of multiple ZTE routers. The vulnerability arises from the session_init function, which executes all files in the /var/lua_session directory without validating their legitimacy. An attacker who can write a malicious file to this directory can achieve remote code execution (RCE) with root privileges. Exploitation requires the ability to write files to the session directory, which may be possible through other vulnerabilities or misconfigurations. The CVSS score is 8.1, indicating a high impact on confidentiality, integrity, and availability. No known exploits are currently reported in the wild. Organizations using affected ZTE routers should prioritize mitigation to prevent potential compromise. This vulnerability poses significant risks to network infrastructure, especially in environments relying on these routers for critical communications.

AI-Powered Analysis

Last updated: 02/26/2026, 08:12:52 UTC

Technical Analysis

CVE-2024-45416 is a local file inclusion vulnerability found in the HTTPD binary of multiple ZTE router models. The root cause is in the session_init function, which manages session files stored in the /var/lua_session directory. This function iterates over all files in this directory and executes them using the Lua 'dofile' function without verifying if the files are legitimate session files. This lack of validation allows an attacker who can write arbitrary files into this directory to execute malicious Lua scripts with root privileges, resulting in remote code execution (RCE) as the root user. The vulnerability is classified under CWE-829 (Inclusion of Functionality from Untrusted Control Sphere). Exploitation requires the attacker to have the capability to write files into the session directory, which might be achieved through other vulnerabilities or misconfigurations such as weak authentication, exposed management interfaces, or insecure file upload mechanisms. The CVSS v3.1 base score is 8.1, reflecting high impact and network attack vector, but with high attack complexity and no privileges or user interaction required. No patches or exploits are currently publicly available, but the vulnerability's nature and impact make it a critical concern for affected organizations. The vulnerability affects multiple ZTE router models, commonly deployed in enterprise and ISP networks, making it a significant threat to network infrastructure security.

Potential Impact

The impact of CVE-2024-45416 is severe due to the potential for full system compromise with root privileges on affected ZTE routers. Successful exploitation allows attackers to execute arbitrary code remotely, potentially leading to complete control over the router. This can result in interception or manipulation of network traffic, disruption of network services, creation of persistent backdoors, and lateral movement within the network. Confidentiality, integrity, and availability of network communications are all at risk. Organizations relying on these routers for critical infrastructure, including ISPs, enterprises, and government agencies, may face significant operational disruptions and data breaches. The high CVSS score reflects the broad scope and critical nature of the vulnerability. Although no known exploits are currently reported in the wild, the ease of exploitation once write access is obtained and the high privileges gained make this a critical threat to address promptly.

Mitigation Recommendations

1. Immediate mitigation should focus on restricting write access to the /var/lua_session directory to trusted processes only, preventing unauthorized file creation.
2. Network administrators should audit and harden router management interfaces, disabling any unnecessary services and enforcing strong authentication and access controls to reduce the risk of attackers gaining file write capabilities.
3. Monitor router logs and file system changes in the session directory for suspicious activity indicative of exploitation attempts.
4. If possible, isolate affected routers from untrusted networks and limit administrative access to secure management VLANs or VPNs.
5. Engage with ZTE support or vendor channels to obtain patches or firmware updates addressing this vulnerability as they become available.
6. Implement network-level protections such as intrusion detection/prevention systems (IDS/IPS) to detect anomalous behavior related to this vulnerability.
7. Conduct regular security assessments and penetration tests focusing on router configurations and potential privilege escalation paths.
8. Consider deploying compensating controls such as application whitelisting or runtime application self-protection (RASP) on network devices where feasible.
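
A check for mitigation steps 1 and 3, as an added example that is not part of the original advisory or any ZTE tooling: it flags a session directory that users other than its owner can write to, and reports entries that are new, changed, or not regular files relative to an earlier snapshot. The trusted owner uid, the finding labels and the function names are assumptions of this example; legitimate logins also create session files, so new entries need correlating with known sessions.

```python
import hashlib
import os
import stat

OTHERS_WRITE = stat.S_IWGRP | stat.S_IWOTH  # group- or world-writable bits


def snapshot(session_dir):
    """Map entry name -> (sha256 or None, mode bits, owner uid) for the directory."""
    snap = {}
    for entry in os.scandir(session_dir):
        st = entry.stat(follow_symlinks=False)
        digest = None  # stays None for symlinks, FIFOs, subdirectories, ...
        if stat.S_ISREG(st.st_mode):
            with open(entry.path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
        snap[entry.name] = (digest, stat.S_IMODE(st.st_mode), st.st_uid)
    return snap


def audit(session_dir, baseline, trusted_uid=0):
    """Return sorted (finding, name) pairs for the directory and its entries."""
    findings = []
    dir_st = os.stat(session_dir)
    if stat.S_IMODE(dir_st.st_mode) & OTHERS_WRITE:
        findings.append(("dir-writable-by-others", session_dir))
    if dir_st.st_uid != trusted_uid:
        findings.append(("dir-untrusted-owner", session_dir))
    for name, (digest, mode, uid) in snapshot(session_dir).items():
        if digest is None:
            findings.append(("not-a-regular-file", name))
        elif name not in baseline:
            findings.append(("new-file", name))
        elif baseline[name][0] != digest:
            findings.append(("changed-file", name))
        if mode & OTHERS_WRITE:
            findings.append(("file-writable-by-others", name))
        if uid != trusted_uid:
            findings.append(("untrusted-owner", name))
    return sorted(findings)
```

Take the baseline with `snapshot()` at a known-good point and pass the session directory path (for example /var/lua_session) to `audit()` on each later run.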


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2024-08-28T00:00:00.000Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 699f6cedb7ef31ef0b56a424

Added to database: 2/25/2026, 9:43:09 PM

Last enriched: 2/26/2026, 8:12:52 AM

Last updated: 2/26/2026, 9:17:24 AM
