CVE-2024-40893

MEDIUM

Firewalla Box Software <1.979 - Command Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-40893. PoCs published by xen0bit.

AI-analyzed exploit summary: This repository contains functional exploit code for CVE-2024-40893, which involves command injection vulnerabilities in Firewalla devices via Bluetooth Low-Energy (BLE). The PoC demonstrates license UUID leakage, root SSH credential provisioning, and command injection through network configuration fields.

Description

Multiple authenticated operating system (OS) command injection vulnerabilities exist in Firewalla Box Software versions before 1.979. A physically close attacker that is authenticated to the Bluetooth Low-Energy (BTLE) interface can use the network configuration service to inject commands in various configuration parameters including networkConfig.Interface.Phy.Eth0.Extra.PingTestIP, networkConfig.Interface.Phy.Eth0.Extra.DNSTestDomain, and networkConfig.Interface.Phy.Eth0.Gateway6. Additionally, because the configuration can be synced to the Firewalla cloud, the attacker may be able to persist access even after hardware resets and firmware re-flashes.

Exploits (1)

github WORKING POC 5 stars
by xen0bit · gopoc
https://github.com/xen0bit/fwbt


Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Firewalla (specific version not specified)
No auth needed
Prerequisites: Physical proximity to the target device for BLE interaction · License UUID (optional for full exploitation)
devstral-2 · analyzed Feb 19, 2026

References (2)

Core References
Third Party Advisory (third-party-advisory): https://vulncheck.com/advisories/firewalla-bt-command-injection
Various Sources (technical-description, exploit): https://www.labs.greynoise.io/grimoire/2024-08-20-bluuid-firewalla/

Scores

CVSS v3 6.8
EPSS 0.0155
EPSS Percentile 71.9%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE CWE-78
Status published
Products (1)
Firewalla/Box Software < 1.979
Published Aug 12, 2024
Tracked Since Feb 18, 2026