Vulnerabilities in Goodmill Systems w24e and w24h routers
Three privilege escalation vulnerabilities have been found in the firmware of Goodmill Systems w24e and w24h routers. On affected routers, a logged-in user could escalate their privileges without authorization. Goodmill Systems has released a new firmware version that addresses the vulnerabilities.
A user account intended for administrative purposes, "remote_user", has been removed from the firmware; the account used hardcoded credentials. Goodmill Systems is a Finnish company whose connectivity products are used, for example, in vehicles. Please contact the vendor for more information about the update process.
The vulnerabilities were found by Antti Tönkyrä, Mika Järvinen, Mikko Kenttälä and Ossi Salmi. NCSC-FI would like to thank the finders and the vendor for participating in the coordination.
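The practical check that follows from the advisory is whether a firmware image still carries an account with built-in credentials. The script below is an added example, not code from Goodmill Systems or NCSC-FI: it parses the /etc/passwd and /etc/shadow files as extracted from a Unix-style firmware root and reports accounts that have a usable password hash baked in, an empty password field, a UID of 0 without being root, or the name "remote_user" from the advisory. The account name comes from the advisory; the sample files, hashes, UIDs and other account names are constructed for the example, and the assumption that the router firmware uses this file layout is mine.

```python
"""Audit an extracted firmware root for accounts with built-in credentials.

Added example, not vendor or NCSC-FI code. Only the account name
"remote_user" is taken from the advisory; everything else is constructed.
"""
import re
from dataclasses import dataclass

# Constructed sample files, not taken from any real firmware image.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
remote_user:x:0:0:remote support:/:/bin/sh
admin:x:1000:1000:web admin:/home/admin:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/false
"""
SAMPLE_SHADOW = """\
root:*:18000:0:99999:7:::
remote_user:$1$AbCdEfGh$0123456789abcdefghijkl:18000:0:99999:7:::
admin::18000:0:99999:7:::
nobody:!:18000:0:99999:7:::
"""

NOLOGIN_SHELLS = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}


@dataclass
class Finding:
    user: str
    uid: int
    reason: str


def parse_passwd(text):
    """Map user name -> {uid, pw (field 2), shell} from passwd(5) lines."""
    users = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        f = line.split(":")
        if len(f) < 7:
            continue
        users[f[0]] = {"uid": int(f[2]), "pw": f[1], "shell": f[6]}
    return users


def parse_shadow(text):
    """Map user name -> password field from shadow(5) lines."""
    hashes = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        f = line.split(":")
        if len(f) >= 2:
            hashes[f[0]] = f[1]
    return hashes


def classify_hash(h):
    """Return None if the field cannot authenticate anyone, else why it can."""
    if h == "":
        return "empty password field (login without a password)"
    if h.startswith(("!", "*")):
        return None  # locked account or no password set
    if re.match(r"^\$[0-9a-z]+\$", h) or len(h) == 13:  # crypt(3) formats
        return "password hash baked into the image"
    return "unrecognised password field"


def audit(passwd_text, shadow_text, watch=("remote_user",)):
    """Return a list of Findings for accounts that could be abused."""
    users = parse_passwd(passwd_text)
    shadow = parse_shadow(shadow_text)
    findings = []
    for name, info in users.items():
        # Without a shadow entry, an "x" in passwd cannot authenticate; a
        # literal hash in passwd (no shadow file) is used as-is.
        fallback = "*" if info["pw"] == "x" else info["pw"]
        reason = classify_hash(shadow.get(name, fallback))
        if reason and info["shell"] not in NOLOGIN_SHELLS:
            findings.append(Finding(name, info["uid"], reason))
        if info["uid"] == 0 and name != "root":
            findings.append(Finding(name, 0, "non-root account with UID 0"))
    for name in watch:
        if name in users or name in shadow:
            uid = users.get(name, {}).get("uid", -1)
            findings.append(Finding(name, uid, "account named in advisory still present"))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"{f.user} (uid {f.uid}): {f.reason}")
```

Run it against the passwd and shadow files pulled out of the old and the updated image (for example with binwalk or unsquashfs); a clean result on the updated image, and the "remote_user" findings only on the old one, is what you expect to see after the vendor's fix.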
- Network devices
- Security bypass
- Privilege escalation
- Software update patch
Affected versions:
- w24e SW versions 4.0.3.x, 4.0.4, 4.0.5.x and 4.0.6.x before version 184.108.40.206
- w24h SW versions before version 220.127.116.11
The vendor recommends that customers upgrade the software in their routers to the following versions to patch these vulnerabilities and to be at the latest software level:
- 18.104.22.168 (routers w24e/w24e-S/w24)
- 22.214.171.124 (routers w24h-S/w24h-I).
NCSC-FI Vulnerability Coordination can be contacted as follows:
Please quote the advisory reference [FICORA #1038870] in the subject line.
+358 295 390 230
Monday - Friday 08:00 – 16:15 (Helsinki time: EET, UTC+2, or EEST, UTC+3, during daylight saving time)
FICORA / NCSC-FI
P.O. Box 313
NCSC-FI encourages those who wish to communicate via email to make use of our PGP key. The PGP key as well as the vulnerability coordination principles of NCSC-FI are available at: