Security readout for executives and security teams
Plain-English summary
CVE-2023-24123 is a denial-of-service flaw in the Jensen of Scandinavia Eagle 1200AC firmware V15.03.06.33_en. A malformed WiFi settings value can trigger a stack overflow and disrupt device availability. The sources do not name a vendor patch or confirm real-world exploitation.
Executive priority
Prioritize remediation for affected routers exposed to untrusted networks or supporting critical connectivity. This is not a data-theft issue in the supplied scoring, but outages can affect operations. If devices are internal-only and monitored, handle through normal network maintenance.
Technical view
The CVE describes CWE-787 out-of-bounds write behavior: a stack overflow via the wepauth parameter at /goform/WifiBasicSet. CVSS 3.1 is 6.5: network reachable, low complexity, no privileges, user interaction required, high availability impact, no confidentiality or integrity impact.
Likely exposure
Exposure is limited to environments using Jensen of Scandinavia Eagle 1200AC devices running firmware V15.03.06.33_en. Risk rises if the router administration surface is reachable from untrusted networks or users. The CVE affected-product metadata is incomplete, so inventory confirmation matters.
Exploitation context
The bundle includes a public researcher reference for a denial-of-service issue, but it does not show active exploitation. The CVE is not listed as KEV. Treat exploit status as unconfirmed based on the supplied sources.
Researcher notes
The strongest evidence is the CVE description and linked researcher post. Affected CPE/vendor fields are empty, and no patch details are provided. The user-interaction flag in CVSS should be preserved when modeling exploitability.
Mitigation direction
Check Jensen of Scandinavia guidance for patched firmware or replacement recommendations.
Restrict router management access to trusted administrative networks only.
Disable remote administration if it is not operationally required.
Monitor affected devices for crashes, reboots, or unexplained WiFi configuration failures.
Plan firmware upgrade or device replacement if no supported fix exists.
Validation and detection
Inventory Eagle 1200AC devices and record firmware versions.
Confirm whether V15.03.06.33_en is deployed anywhere.
Review management-interface exposure from internet, guest, or user networks.
Check logs or monitoring for router restarts during WiFi configuration changes.
Track vendor or CVE updates for corrected affected-product and fix details.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · low confidence lookup
CWE-787: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-787 · source CWE mapping
Out-of-bounds Write
Out-of-bounds Write represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.