CVE-2024-39219
Description
An issue in Aginode GigaSwitch V5 before version 7.06G allows authenticated attackers with Administrator privileges to upload an earlier firmware version, exposing the device to previously patched vulnerabilities.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An authenticated administrator can downgrade the firmware on Aginode GigaSwitch V5, re-exposing the device to previously patched vulnerabilities.
Vulnerability Overview
CVE-2024-39219 is a firmware downgrade vulnerability affecting Aginode GigaSwitch V5 devices running firmware versions prior to 7.06G. The flaw allows an authenticated attacker with Administrator privileges to upload an older firmware version, thereby reintroducing security holes that were already addressed in later releases. This capability undermines the integrity of the device’s security posture by enabling rollback attacks.
Exploitation and Attack Surface
The vulnerability exists in the firmware update mechanism of the switch. An attacker must already possess Administrator-level credentials to exploit this issue. Once authenticated, the attacker can manually flash an earlier firmware image, effectively reverting the device to a state where known vulnerabilities (such as CVE-2022-32985) are present and exploitable [1]. The attack does not require any additional network access beyond legitimate administrative channels (e.g., SCP, TFTP, or serial console).
Impact
Successful exploitation lets the attacker downgrade the device’s firmware. After the downgrade, the switch is again susceptible to one or more previously fixed vulnerabilities, potentially including privilege escalation, information disclosure (e.g., password hash leakage), or remote code execution, depending on the specific earlier flaws [1]. This exposes the network segment managed by the switch to elevated risk.
Mitigation Status
Aginode has addressed the issue in firmware version 7.06G. Administrators are strongly advised to upgrade to this version and enforce strict access controls on administrative accounts to prevent unauthorized firmware manipulation. No public evidence indicates that this vulnerability has been used in widespread attacks, and it is not listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog as of the publication date.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <7.06G
Patches
No patches discovered yet.
References