Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrator credentials via a crafted POST request.
CVE-2023-24215 is a critical authentication bypass vulnerability in NOVUS AirGate 4G firmware v1.1.16: the /uci/get/ endpoint fails to enforce proper access controls. An unauthenticated attacker can extract administrator credentials with a simple POST request, completely circumventing the authentication mechanism that should protect administrative access. The vulnerability affects network appliances deployed in enterprise and service provider environments, creating immediate risk for organizations that rely on AirGate devices for connectivity and network management. With a CVSS score of 9.1, this vulnerability enables full device compromise and potential lateral movement into protected networks.
While this CVE maps to CWE-284 (Improper Access Control), detecting exploitation requires identifying suspicious patterns that Casky's security skills framework would surface through Claude AI's extended reasoning capabilities. A practitioner using Casky would observe indicators including unauthenticated POST requests to administrative endpoints (/uci/get/), responses containing credential data without prior authentication tokens, and unusual access patterns from external sources targeting firmware configuration endpoints. Although no specific MITRE ATT&CK technique currently maps to this CVE, the underlying attack chain aligns with T1589 (Gather Victim Identity Information) and T1110 (Brute Force) patterns—credential exposure that enables subsequent account compromise. Practitioners would see anomalous access logs showing direct endpoint queries bypassing login mechanisms, allowing rapid identification of compromise attempts before credentials are weaponized against administrative interfaces.
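The indicators described above, turned into a log check as an added example (not code from the original page or from Casky). It assumes a reverse proxy in front of the device that writes a hypothetical log format ending in a session-cookie flag, and a management network of 192.168.1.0/24; the sample lines are constructed.

```python
import ipaddress
import re

# Assumption: legitimate administration comes only from this network.
MGMT_NETS = [ipaddress.ip_network("192.168.1.0/24")]

# Constructed sample lines in a hypothetical reverse-proxy log format:
# source IP, timestamp, request, status, response bytes, session-cookie flag.
SAMPLE_LOG = """\
192.168.1.10 [12/Mar/2023:09:14:02 +0000] "POST /uci/get/ HTTP/1.1" 200 412 session=present
203.0.113.7 [12/Mar/2023:09:15:40 +0000] "POST /uci/get/ HTTP/1.1" 200 398 session=-
203.0.113.7 [12/Mar/2023:09:15:41 +0000] "GET /index.html HTTP/1.1" 200 5120 session=-
198.51.100.23 [12/Mar/2023:09:17:05 +0000] "POST /uci/get/ HTTP/1.1" 403 0 session=-
192.168.1.55 [12/Mar/2023:09:20:11 +0000] "POST /uci/get/ HTTP/1.1" 200 405 session=-
malformed line that should be skipped
"""

LINE_RE = re.compile(
    r'^(?P<src>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+) session=(?P<session>\S+)$'
)

def find_unauthenticated_uci_reads(log_text, endpoint="/uci/get/"):
    """Return one finding per session-less POST to `endpoint`."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # line does not fit the assumed format
        if m["method"] != "POST" or not m["path"].startswith(endpoint):
            continue
        if m["session"] != "-":
            continue  # request was tied to a logged-in session
        served = m["status"] == "200" and int(m["size"]) > 0
        try:
            src = ipaddress.ip_address(m["src"])
            external = not any(src in net for net in MGMT_NETS)
        except ValueError:
            external = True  # unparsable source: treat as untrusted
        # A served body means configuration data left the device without
        # authentication; a source outside management raises the priority.
        severity = "high" if served and external else "medium" if served else "low"
        findings.append({"src": m["src"], "time": m["ts"],
                         "status": int(m["status"]), "severity": severity})
    return findings

if __name__ == "__main__":
    for finding in find_unauthenticated_uci_reads(SAMPLE_LOG):
        print(finding)
```

A "low" finding (request refused) is still worth keeping as evidence of probing, and any "high" or "medium" finding means the administrator credentials should be treated as exposed.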
© 2026 Casky.AI, Inc. · AI Security Investigation