CVE-2024-57174

Root

Cause CVE-2024-57174 stems from a misconfiguration in the default DNS suffix of Alphion ASEE-1443 firmware v0.4.H.00.02.15. The device uses a domain name that has never been registered as the default DNS suffix for connected clients. This oversight means any DNS query for a hostname within that suffix will be sent to the domain's authoritative servers [1].

Exploitation

An attacker can register the unclaimed domain and configure a wildcard DNS entry pointing to an IP address they control. Because clients on the local network automatically use this DNS suffix as configured by the ONT, any request for an internal resource (e.g., a printer or file server) will resolve to the attacker's server. The attacker does not need to be on the local network; they only need to be able to host the domain's DNS and potentially a malicious service [1].

Impact

Once the attacker's DNS entry is active, they can intercept network traffic intended for internal hosts. This could lead to disclosure of sensitive information such as credentials, internal application data, or other communications. The attack is particularly effective because users and devices trust the DNS suffix provided by the network gateway [1].

Remediation

As of the publication date (March 2025), Alphion has not released a firmware patch or advisory addressing this issue. Users of ASEE-1443 devices should consider manually overriding the default DNS suffix in their network configuration to a domain they control, or monitor for vendor updates. No known mitigation is available from the manufacturer [1].