CVE-2024-57174 Information

Description

A misconfiguration in Alphion ASEE-1443 Firmware v0.4.H.00.02.15 defines a previously unregistered domain name as the default DNS suffix. This allows attackers to register the unclaimed domain and point its wildcard DNS entry to an attacker-controlled IP address making it possible to access sensitive information.

Reference

https://chenzw.medium.com/internal-domain-names-f1cd2886c654 https://github.com/geo-chen/BSides-SG-2022—Internal-Domain-Names?tab=readme-ov-file#finding-1—cve-2024-57174-alphion-routers