CVE-2024-54764 is an access control vulnerability identified in the ipTIME A2004 router firmware version 12.17.0, specifically in the /login/hostinfo2.cgi component. This CGI script fails to enforce proper authentication checks, allowing remote attackers to access sensitive information without any credentials. The vulnerability is remotely exploitable over the network without requiring user interaction or privileges, making it relatively easy to exploit. The sensitive information disclosed could include system or network configuration details that attackers can leverage for further compromise or targeted attacks. The CVSS 3.1 score of 6.5 reflects a medium severity, driven by the ease of exploitation and the confidentiality and integrity impacts, while availability remains unaffected. No patches or exploit code have been publicly disclosed yet, but the exposure of such information could facilitate reconnaissance and lateral movement in affected networks. The affected product, ipTIME A2004, is a consumer and small office router widely used in South Korea and some other markets. The lack of authentication on a management-related CGI endpoint represents a significant security oversight, emphasizing the need for proper access controls on device management interfaces.

The primary impact of CVE-2024-54764 is unauthorized disclosure of sensitive information from affected ipTIME A2004 routers. This can compromise the confidentiality and integrity of network configurations and device status data, potentially enabling attackers to map network topology, identify vulnerabilities, or craft targeted attacks. While availability is not directly impacted, the information leak could be a stepping stone for more severe attacks such as privilege escalation or network intrusion. Organizations relying on these routers, especially in small office or home office environments, may face increased risk of network compromise. The vulnerability could also undermine trust in network security and lead to compliance issues if sensitive data is exposed. Since no authentication or user interaction is required, the attack surface is broad, increasing the likelihood of exploitation in unprotected networks.

To mitigate CVE-2024-54764, organizations should first check for firmware updates from ipTIME and apply any patches addressing this vulnerability as soon as they become available. In the absence of official patches, network administrators should restrict access to the router’s management interfaces by implementing network segmentation and firewall rules that limit access to trusted IP addresses only. Disabling remote management features or changing default management ports can reduce exposure. Monitoring network traffic for unusual requests to /login/hostinfo2.cgi can help detect exploitation attempts. Additionally, consider deploying intrusion detection/prevention systems (IDS/IPS) with signatures targeting this vulnerability. Educating users about the risks of using vulnerable routers and encouraging replacement with devices from vendors with stronger security track records may be warranted for high-risk environments.