CVE-2024-6144 is a stack-based buffer overflow vulnerability identified in the HTTP server of the Actiontec WCB6200Q router, version 1.2L.03.5. The root cause is the lack of proper length validation on user-supplied multipart boundary data before copying it into a fixed-length stack buffer. This unsafe operation allows an attacker with network adjacency—meaning they can send packets to the device's HTTP server—to overflow the buffer and overwrite the stack, potentially injecting and executing arbitrary code. Exploitation does not require authentication or any user interaction, increasing the attack surface. The vulnerability is classified under CWE-121 (Stack-based Buffer Overflow) and was assigned a CVSS v3.0 base score of 8.8, reflecting high impact on confidentiality, integrity, and availability. The flaw was reported by the Zero Day Initiative (ZDI) as ZDI-CAN-21416 and publicly disclosed on June 18, 2024. No patches or official fixes have been linked yet, and no active exploitation has been observed in the wild. The vulnerability could allow attackers to gain control over the router, manipulate network traffic, or disrupt network services, posing a significant threat to affected environments.

The impact of CVE-2024-6144 is substantial for organizations deploying the Actiontec WCB6200Q router, especially those using the vulnerable firmware version 1.2L.03.5. Successful exploitation can lead to full remote code execution on the device without authentication, enabling attackers to take complete control of the router. This compromises the confidentiality of network traffic, integrity of routing and firewall rules, and availability of network connectivity. Attackers could intercept, modify, or block communications, launch further attacks within the internal network, or use the compromised device as a foothold for lateral movement. Given the router's role as a network gateway, the vulnerability could affect home users, small businesses, and enterprise branch offices. The lack of authentication and user interaction requirements lowers the barrier for exploitation, increasing the likelihood of attacks once exploit code becomes available. The absence of known exploits in the wild currently limits immediate risk but does not diminish the urgency for mitigation.

1. Immediate mitigation should focus on network-level controls: restrict access to the router's HTTP management interface to trusted IP addresses only, preferably via internal network segmentation or VPN. 2. Disable remote management features on the router if not required to reduce exposure. 3. Monitor network traffic for unusual HTTP requests targeting the router, especially multipart boundary payloads that could indicate exploitation attempts. 4. Apply any available firmware updates from Actiontec as soon as they are released addressing this vulnerability. 5. If no patch is available, consider replacing the affected device with a more secure model or vendor to eliminate risk. 6. Implement intrusion detection/prevention systems (IDS/IPS) with signatures targeting this vulnerability once available. 7. Conduct regular security audits of network devices to identify vulnerable firmware versions and unauthorized access attempts. 8. Educate network administrators about this vulnerability and ensure they follow secure configuration best practices for network devices.