PoC Exploit Released for RCE 0-day CVE-2024-41992 in Arcadyan FMIMG51AX000J Model
A critical vulnerability, identified as CVE-2024-41992, has been discovered in the Arcadyan FMIMG51AX000J model, and potentially other WiFi Alliance-affiliated devices using the same firmware version (DUT-Wi-FiTestSuite-9.0.0). This vulnerability allows remote attackers to execute arbitrary code, potentially gaining full control of the affected device.
The vulnerability was discovered by an independent security researcher working with SSD Secure Disclosure. Despite efforts to contact the WiFi Alliance through CERT VINCE, a clear timeline for a fix has not been provided by either the vendor or WiFi Alliance, prompting SSD to issue this public advisory.
The vulnerability resides in the firmware of the Arcadyan FMIMG51AX000J, a device that forms a critical component in the WiFi infrastructure of many homes and businesses. This model, along with others using the same version of the firmware, is widely deployed, making the impact of this vulnerability potentially massive. With remote code execution (RCE) capabilities, attackers could gain complete control over compromised devices, enabling them to manipulate network traffic, intercept sensitive data, and launch further attacks on connected systems.
The disclosure of this vulnerability is particularly alarming because a proof-of-concept (PoC) exploit has already been made publicly available by SSD analysts. This PoC provides detailed, step-by-step instructions for exploiting the vulnerability, lowering the barrier for attackers to take advantage of this flaw.
Despite the severity of CVE-2024-41992, the response from the vendor, as well as the WiFi Alliance, has been disappointingly slow. According to SSD Secure Disclosure, the issue was reported via CERT VINCE (Case VU#123336) as early as April 2024. However, several months have passed without any clear timeline for a fix.
In the absence of a vendor-supplied patch, SSD Secure Disclosure has taken the responsible step of releasing an advisory to alert the public to the vulnerability. While this transparency is essential for user awareness and defensive measures, it also increases the risk of exploitation by malicious actors who now have access to the PoC exploit.
The device model and firmware version confirmed to be vulnerable are:
- Arcadyan FMIMG51AX000J
- DUT-Wi-FiTestSuite-9.0.0
Other devices using similar firmware versions could also be at risk.
Given the current situation, users of the affected devices are advised to take immediate action to mitigate the risk. While a patch from the vendor or WiFi Alliance is still pending, users can:
- Limit Access: Restrict remote access to affected devices, if possible, to minimize the attack surface.
- Monitor Traffic: Closely monitor network traffic for any unusual activity that could indicate an attempted or successful exploit.
- Segregate Networks: Isolate vulnerable devices from critical networks to prevent potential lateral movement by attackers.
- Firmware Updates: Regularly check for firmware updates from the device manufacturer and apply them as soon as they become available.