CVE-2023-41012

Vulnerability

China Mobile Intelligent Home Gateway model HG6543C4 [1] contains an authentication design flaw in its identity verification mechanism. The vulnerability allows a remote attacker to bypass authentication and execute arbitrary commands on the device. The affected version is HG6543C4, and no firmware version specifics are provided in the available references.

Exploitation

An attacker with network access to the gateway can exploit the flawed authentication mechanism by sending crafted requests. The attack can be performed remotely without requiring prior authentication or user interaction. The reference [1] indicates that the identity verification process has design weaknesses that can be leveraged to gain unauthorized access.

Impact

Successful exploitation results in arbitrary command execution on the device. This allows the attacker to fully compromise the gateway, potentially leading to disclosure of sensitive information, modification of device configuration, denial of service, or use of the device as a pivot for further network attacks.

Mitigation

As of the publication date [2023-09-05], no official patch or firmware update has been released by China Mobile Communications to address this vulnerability. Users are advised to monitor for vendor updates and restrict network access to the gateway from untrusted networks as a workaround. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.