CVE-2024-47142

Vulnerability

Description

CVE-2024-47142 affects the AIPHONE IXG SYSTEM models IXG-2C7 and IXG-2C7-L running firmware versions 2.03 and earlier. The issue stems from insufficiently protected credentials within the firmware, which may be exposed or reused in an insecure manner, allowing a network-adjacent attacker who is already authenticated to exploit this weakness. [2]

Exploitation

An attacker with network adjacency and valid authentication on the system can leverage the weakly protected credentials to gain further unauthorized access or perform actions beyond their intended privilege level. The vulnerability does not require precise technical skill beyond the authentication step, but access to the local network segment is necessary. [1][3]

Impact

Successful exploitation enables the attacker to conduct "unintended operations" on the affected devices, potentially leading to data leakage or partial loss of functionality. AIPHONE's security advisory notes that specialized technology may be used to execute such attacks, expanding the risk surface for these intercom and access control products. [3]

Mitigation

AIPHONE has addressed the vulnerability in firmware version 2.04 (released February 2023), which enhances the security level of registration processes. Users are strongly advised to update to the latest firmware (v4.25 or higher, as of March 2026) to receive all cumulative fixes, including this one. [1] No workaround is mentioned, but the vendor provides clear upgrade paths.