CVE-2024-24578

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-24578
RaspberryMatic is an open-source operating system for HomeMatic internet-of-things devices. RaspberryMatic / OCCU prior to version 3.75.6.20240316 contains a unauthenticated remote code execution (RCE) vulnerability, caused by multiple issues within the Java based `HMIPServer.jar` component. RaspberryMatric includes a Java based `HMIPServer`, that can be accessed through URLs starting with `/pages/jpages`. The `FirmwareController` class does however not perform any session id checks, thus this feature can be accessed without a valid session. Due to this issue, attackers can gain remote code execution as root user, allowing a full system compromise. Version 3.75.6.20240316 contains a patch.

10.0 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://github.com/jens-maus/RaspberryMatic/security/advisories/GHSA-q967-q4j8-637h
Configurations

No configuration.

History

19 Mar 2024, 13:26

Type Values Removed Values Added
Summary
  • (es) RaspberryMatic es un sistema operativo de código abierto para dispositivos de Internet de las cosas HomeMatic. RaspberryMatic/OCCU anterior a la versión 3.75.6.20240316 contiene una vulnerabilidad de ejecución remota de código (RCE) no autenticada, causada por múltiples problemas dentro del componente `HMIPServer.jar` basado en Java. RaspberryMatric incluye un `HMIPServer` basado en Java, al que se puede acceder a través de URL que comienzan con `/pages/jpages`. Sin embargo, la clase `FirmwareController` no realiza ninguna verificación de identificación de sesión, por lo que se puede acceder a esta función sin una sesión válida. Debido a este problema, los atacantes pueden obtener la ejecución remota de código como usuario root, lo que permite comprometer todo el sistema. La versión 3.75.6.20240316 contiene un parche.

18 Mar 2024, 22:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-03-18 22:15

Updated : 2024-03-19 13:26

NVD link : CVE-2024-24578

Mitre link : CVE-2024-24578

CVE.ORG link : CVE-2024-24578

JSON object : View

Products Affected

No product.

CWE
CWE-23

Relative Path Traversal

CWE-306

Missing Authentication for Critical Function