CVE Catalog

CVE-2023-24215

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.25%

16th percentile — higher than 16% of all known CVEs

Summary

In NOVUS AirGate 4G firmware version 1.1.16, the /uci/get/ endpoint suffers from incorrect access control. This allows unauthenticated attackers to obtain administrator credentials via a crafted POST request.

Risk Assessment

The risk is that an unauthenticated attacker can gain full administrative control over the device, potentially compromising network confidentiality and integrity.

Recommendation

Immediately update the NOVUS AirGate 4G firmware to the latest version that fixes this vulnerability. If an update is unavailable, restrict administrative interface access to trusted networks only.

Original NVD description (English source)

Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrator credentials via a crafted POST request.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS