{"id":26958,"date":"2025-04-19T12:15:29","date_gmt":"2025-04-19T12:15:29","guid":{"rendered":""},"modified":"2025-08-30T20:33:36","modified_gmt":"2025-08-31T02:33:36","slug":"cve-2023-49722-open-port-vulnerability-in-bcc101-bcc102-bcc50-wifi-firmware","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2023-49722-open-port-vulnerability-in-bcc101-bcc102-bcc50-wifi-firmware\/","title":{"rendered":"<strong>CVE-2023-49722: Open Port Vulnerability in BCC101\/BCC102\/BCC50 WiFi Firmware<\/strong>"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p>The vulnerability, identified as CVE-2023-49722, is a critical flaw found in the WiFi firmware of the BCC101, BCC102, and BCC50 products. This vulnerability is due to an open network port, specifically port 8899, which could potentially allow an attacker to exploit the device and gain unauthorized access. This issue affects all <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-44955-critical-vulnerability-in-ruckus-network-director-allows-jail-users-to-gain-root-access\/\"  data-wpil-monitor-id=\"76088\">users of these products connected to the same WiFi network<\/a>. The severity of this <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2023-43514-memory-corruption-vulnerability-leading-to-potential-system-compromise\/\"  data-wpil-monitor-id=\"31565\">vulnerability is underscored by its potential to compromise systems<\/a> and leak sensitive data, making it a significant concern for both individual users and businesses alike.<\/p>\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>CVE ID: CVE-2023-49722<br \/>\nSeverity: High (8.3 CVSS Score)<br \/>\nAttack Vector: Network via WiFi<br \/>\nPrivileges Required: None<br \/>\nUser Interaction: None<br \/>\nImpact: <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2023-33113-memory-corruption-vulnerability-leading-to-system-compromise-or-data-leakage\/\"  data-wpil-monitor-id=\"31566\">System compromise and potential data<\/a> leakage<\/p>\n<p><strong>Affected Products<\/strong><\/p><div id=\"ameeb-3890472848\" class=\"ameeb-content-2 ameeb-entity-placement\"><div style=\"border-left: 4px solid #555; padding-left: 20px; margin: 48px 0; font-family: Roboto, sans-serif; color: #ffffff; line-height: 1.6; max-width: 700px;\">\r\n  <h2 style=\"margin-top: 0; font-size: 20px; font-weight: 600; display: flex; align-items: center;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"display: inline-flex; align-items: center; margin-right: 8px;\">\r\n      <img decoding=\"async\" src=\"https:\/\/www.ameeba.com\/blog\/wp-content\/uploads\/2025\/10\/Best-App-icon-Ameeba.png\" alt=\"Ameeba Chat Icon\" style=\"width: 40px; height: 40px;\" \/>\r\n    <\/a>\r\n    A new way to communicate\r\n  <\/h2>\r\n\r\n  <p style=\"margin-bottom: 12px;\">\r\n    Ameeba Chat is built on encrypted identity, not personal profiles.\r\n  <\/p>\r\n\r\n  <p style=\"margin-bottom: 16px;\">\r\n    Message, call, share files, and coordinate with identities kept separate.\r\n  <\/p>\r\n\r\n  <ul style=\"list-style: none; padding-left: 0; margin-bottom: 20px;\">\r\n    <li>\u2022 Encrypted identity<\/li>\r\n    <li>\u2022 Ameeba Chat authenticates access<\/li>\r\n    <li>\u2022 Aliases and categories<\/li>\r\n    <li>\u2022 End-to-end encrypted chat, calls, and files<\/li>\r\n    <li>\u2022 Secure notes for sensitive information<\/li>\r\n  <\/ul>\r\n\r\n  <p style=\"font-style: italic; font-weight: 600; margin-bottom: 24px;\">\r\n    Private communication, rethought.\r\n  <\/p>\r\n\r\n  <div style=\"display: flex; flex-wrap: wrap; gap: 12px;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\/download\" style=\"background-color: #ffffff; color: #000000; padding: 10px 20px; text-decoration: none; border-radius: 6px; font-weight: 500;\">Download Ameeba Chat<\/a>\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"border: 1px solid #ffffff; color: #ffffff; padding: 10px 20px; text-decoration: none; border-radius: 6px; font-weight: 500;\">Learn More<\/a>\r\n  <\/div>\r\n<\/div>\r\n<\/div>\n<p>Product | Affected Versions<\/p>\n<p>BCC101 | All versions<br \/>\nBCC102 | All versions<br \/>\nBCC50 | All versions<\/p>\n<p><strong>How the Exploit Works<\/strong><\/p>\n<p>The exploit takes advantage of an <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-45997-exploiting-file-upload-vulnerability-in-web-based-pharmacy-product-management-system\/\"  data-wpil-monitor-id=\"76089\">open port in the WiFi<\/a> firmware of the affected products. An attacker, when connected to the same WiFi network, can connect to this open port (8899) and gain <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2023-5881-unauthorized-access-vulnerability-in-the-genie-company-aladdin-connect\/\"  data-wpil-monitor-id=\"33998\">unauthorized access<\/a> to the device. This access could then be leveraged to <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2023-33114-npu-memory-corruption-leading-to-potential-system-compromise-or-data-leakage\/\"  data-wpil-monitor-id=\"31863\">compromise the system or leak sensitive data<\/a>. The <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-32491-privilege-escalation-vulnerability-in-rankology-seo\/\"  data-wpil-monitor-id=\"32302\">vulnerability does not require any user interaction or specific privileges<\/a>, making it a potent threat on any unprotected network.<\/p>\n<p><strong>Conceptual Example Code<\/strong><\/p><div id=\"ameeb-1748858724\" class=\"ameeb-content ameeb-entity-placement\"><div class=\"poptin-embedded\" data-id=\"f6b387694f681\"><\/div>\r\n\r\n\r\n\r\n\r\n\r\n<\/div>\n<p>This conceptual example demonstrates how an <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-41645-unauthenticated-remote-attacker-hijacking-via-demo-account\/\"  data-wpil-monitor-id=\"49986\">attacker might connect to a device via<\/a> the open port. Note that this is a simplified example and real-world attacks could be more complex or use different techniques.<\/p>\n<pre><code class=\"\" data-line=\"\"># Establish connection to target device via port 8899\nnc target_device_IP 8899\n# Once connected, execute commands or deploy exploit code\necho &quot;malicious_command_or_code&quot; &gt; \/path\/to\/target<\/code><\/pre>\n<p>This example presumes the attacker already has access to the same WiFi <a href=\"https:\/\/www.ameeba.com\/blog\/palo-alto-networks-targets-growth-amid-q3-2025-earnings-preview\/\"  data-wpil-monitor-id=\"48449\">network as the target<\/a> device. Remember, the best defense against such an attack is to apply the vendor&#8217;s patch or, as a temporary mitigation, employ a Web Application Firewall (WAF) or Intrusion Detection System (IDS).<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview The vulnerability, identified as CVE-2023-49722, is a critical flaw found in the WiFi firmware of the BCC101, BCC102, and BCC50 products. This vulnerability is due to an open network port, specifically port 8899, which could potentially allow an attacker to exploit the device and gain unauthorized access. This issue affects all users of these [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[1],"tags":[],"vendor":[],"product":[],"attack_vector":[],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-26958","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/26958","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=26958"}],"version-history":[{"count":7,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/26958\/revisions"}],"predecessor-version":[{"id":68556,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/26958\/revisions\/68556"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=26958"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=26958"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=26958"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=26958"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=26958"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=26958"},{"taxonomy":"asset_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=26958"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=26958"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=26958"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}