Critical Vulnerability – Araknis Network Router

SEVERITY: CRITICAL

Redinent researchers discovered an authentication bypass vulnerability in the Araknis Networks router.

Technical Details: The vulnerability exists in the Araknis Networks router due to a weak password reset mechanism in the web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device.

The weak password reset mechanism consists of insecurely enforced restrictions on the password reset form, which an attacker can modify through crafted in-browser code manipulation.

Affected Versions

| Product Name | Affected Versions |
|---|---|
| Araknis Networks Router AN-310-RT-4L2W | Versions prior to v.1.1.66 |
| Araknis Networks Router AN-110-RT-2L1W / AN-110-RT-2L1W-WIFI | Versions prior to v.1.0.88 |

Araknis has released a version to fix the vulnerability.
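
To triage a device inventory against the affected versions listed above, the following added example (not part of the original advisory or of Araknis tooling) compares firmware strings numerically per model. The inventory format, host names and status labels are assumptions made for illustration, and the sample data is constructed.

```python
import re

# Versions below these are affected, per the advisory's affected-versions list.
FIXED = {
    "AN-310-RT-4L2W": (1, 1, 66),
    "AN-110-RT-2L1W": (1, 0, 88),
    "AN-110-RT-2L1W-WIFI": (1, 0, 88),
}

# Constructed sample inventory (host,model,firmware); not real devices.
SAMPLE_INVENTORY = """\
rtr-lobby,AN-310-RT-4L2W,v.1.1.52
rtr-office,AN-310-RT-4L2W,1.1.66
rtr-home,an-110-rt-2l1w-wifi,V1.0.9
rtr-lab,AN-110-RT-2L1W,v.1.0.88
rtr-other,EXAMPLE-ROUTER,v.1.0.0
rtr-odd,AN-110-RT-2L1W,unknown
"""

def parse_version(text):
    """Turn 'v.1.1.66', 'V1.0.9' or '1.1.66' into a tuple of ints, else None."""
    m = re.fullmatch(r"v?\.?(\d+(?:\.\d+)*)", text.strip(), re.IGNORECASE)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def classify(model, firmware):
    fixed = FIXED.get(model.strip().upper())
    if fixed is None:
        return "NOT_LISTED"        # model is not named in this advisory
    version = parse_version(firmware)
    if version is None:
        return "CHECK_MANUALLY"    # firmware string could not be parsed
    # Tuple comparison is numeric per component: (1, 0, 9) < (1, 0, 88),
    # whereas the string "1.0.9" would sort after "1.0.88".
    return "VULNERABLE" if version < fixed else "FIXED"

def triage(inventory_text):
    results = {}
    for line in inventory_text.splitlines():
        if not line.strip():
            continue
        host, model, firmware = (f.strip() for f in line.split(","))
        results[host] = classify(model, firmware)
    return results

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```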

CVE ID: CVE-2023-24738
Araknis Advisory: https://www.control4.com/docs/product/araknis-x10-routers/release-notes/english/latest/araknis-x10-routers-release-notes-rev-e.pdf

The coordinated disclosure timeline:

  1. December 20 2022 – Vulnerability discovered by Redinent researchers
  2. December 29 2022 – Vulnerability reported by Redinent to CERT India
  3. January 20 2023 – OEM acknowledged the vulnerability
  4. May 30 2023 – CVE assigned. OEM releases global advisory