CVE-2023-24215
CriticalCVSS 9.1Exploitation Probability (EPSS)
Low risk16th percentile — higher than 16% of all known CVEs
Summary
In NOVUS AirGate 4G firmware version 1.1.16, the /uci/get/ endpoint suffers from incorrect access control. This allows unauthenticated attackers to obtain administrator credentials via a crafted POST request.
Risk Assessment
The risk is that an unauthenticated attacker can gain full administrative control over the device, potentially compromising network confidentiality and integrity.
Recommendation
Immediately update the NOVUS AirGate 4G firmware to the latest version that fixes this vulnerability. If an update is unavailable, restrict administrative interface access to trusted networks only.
Original NVD description (English source)
Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrator credentials via a crafted POST request.

