Summary: A critical vulnerability, CVE-2024-41992, has been found in the Arcadyan FMIMG51AX000J model and other WiFi Alliance devices, allowing remote attackers to execute arbitrary code and potentially gain full control of affected devices. Despite the severity of the issue and a public proof-of-concept exploit, the vendor and WiFi Alliance have not provided a timeline for a fix, prompting SSD Secure Disclosure to issue a public advisory.
Threat Actor: Unknown | unknown
Victim: Arcadyan FMIMG51AX000J | Arcadyan FMIMG51AX000J
Key Point :
- A critical vulnerability allows remote code execution on affected devices, enabling full control for attackers.
- A proof-of-concept exploit is publicly available, increasing the risk of exploitation.
- No clear timeline for a fix has been provided by the vendor or WiFi Alliance, despite the issue being reported months ago.
- Users are advised to limit access, monitor traffic, segregate networks, and check for firmware updates to mitigate risks.
A critical vulnerability, identified as CVE-2024-41992, has been discovered in the Arcadyan FMIMG51AX000J model, and potentially other WiFi Alliance-affiliated devices using the same firmware version (DUT-Wi-FiTestSuite-9.0.0). This vulnerability allows remote attackers to execute arbitrary code, potentially gaining full control of the affected device.
The vulnerability was discovered by an independent security researcher working with SSD Secure Disclosure. Despite efforts to contact the WiFi Alliance through CERT VINCE, a clear timeline for a fix has not been provided by either the vendor or WiFi Alliance, prompting SSD to issue this public advisory.
The vulnerability resides in the firmware of the Arcadyan FMIMG51AX000J, a device that forms a critical component in the WiFi infrastructure of many homes and businesses. This model, along with others using the same version of the firmware, is widely deployed, making the impact of this vulnerability potentially massive. With remote code execution (RCE) capabilities, attackers could gain complete control over compromised devices, enabling them to manipulate network traffic, intercept sensitive data, and launch further attacks on connected systems.
The disclosure of this vulnerability is particularly alarming because a proof-of-concept (PoC) exploit has already been made publicly available by SSD analysts. This PoC provides detailed, step-by-step instructions for exploiting the vulnerability, lowering the barrier for attackers to take advantage of this flaw.
Despite the severity of CVE-2024-41992, the response from the vendor, as well as the WiFi Alliance, has been disappointingly slow. According to SSD Secure Disclosure, the issue was reported via CERT VINCE (Case VU#123336) as early as April 2024. However, several months have passed without any clear timeline for a fix.
In the absence of a vendor-supplied patch, SSD Secure Disclosure has taken the responsible step of releasing an advisory to alert the public to the vulnerability. While this transparency is essential for user awareness and defensive measures, it also increases the risk of exploitation by malicious actors who now have access to the PoC exploit.
The devices confirmed to be vulnerable include:
- Arcadyan FMIMG51AX000J
- DUT-Wi-FiTestSuite-9.0.0
However, it is important to note that other devices using similar firmware versions could also be at risk.
Given the current situation, users of the affected devices are advised to take immediate action to mitigate the risk. While a patch from the vendor or WiFi Alliance is still pending, users can:
- Limit Access: Restrict remote access to affected devices, if possible, to minimize the attack surface.
- Monitor Traffic: Closely monitor network traffic for any unusual activity that could indicate an attempted or successful exploit.
- Segregate Networks: Isolate vulnerable devices from critical networks to prevent potential lateral movement by attackers.
- Firmware Updates: Regularly check for firmware updates from the device manufacturer and apply them as soon as they become available.