40 matches found
CVE-2024-46506
NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as exploited in the wild in May 2025. This is related to settings.php and util.php...
CVE-2024-48766
NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and because of factors related to strpos and directory traversal, as exploited in the wild in May 2025. This is related to components/logs.php...
CVE-2024-46506
NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as exploited in the wild in May 2025. This is related to settings.php and util.php...
NetAlertX Security Vulnerability
NetAlertX is a network intruder and presence detector by the individual developer jokob-sk. A security vulnerability exists in NetAlertX versions prior to 23.01.14 through 24.10.12, which stems from unauthenticated command injection and could lead to arbitrary command execution...
VulnCheck KEV: CVE-2024-46506
NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as exploited in the wild in May 2025. This is related to settings.php and util.php...
CVE-2024-46506
NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as exploited in the wild in May 2025. This is related to settings.php and util.php...
CVE-2024-46506
CVE-2024-46506 – NetAlertX RCE: NetAlertX versions 23.01.14 through 24.x before 24.10.12 are vulnerable to unauthenticated command injection via a settings update, caused by missing authentication on function=savesettings and related to settings.php and util.php. The issue could allow remote com...
CVE-2024-48766
NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and because of factors related to strpos and directory traversal, as exploited in the wild in May 2025. This is related to components/logs.php...
CVE-2024-48766
NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and because of factors related to strpos and directory traversal, as exploited in the wild in May 2025. This is related to components/logs.php...
NetAlertX Security Vulnerability
NetAlertX is a network intruder and presence detector by the individual developer jokob-sk. A security vulnerability exists in NetAlertX versions prior to 24.10.12, which stems from a redirect that an HTTP client can ignore and issues related to strpos and directory traversal, which could lead to...
CVE-2024-48766
NetAlertX vulnerability CVE-2024-48766 affects versions 24.7.18–24.9.12. A directory traversal flaw allows unauthenticated file reads because an HTTP client can ignore redirects and due to path handling related to logs.php; exploitation observed in the wild (May 2025). Affected components include...
VulnCheck KEV: CVE-2024-48766
NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and because of factors related to strpos and directory traversal, as exploited in the wild in May 2025. This is related to components/logs.php...
NetAlertX 24.9.12 Code Execution
NetAlertX version 24.9.12 suffers from a code execution vulnerability. Title: NetAlertX 24.9.12 PHP Code Injection Vulnerability. Author: indoushka ...
NetAlertX File Read Vulnerability
This module exploits improper authentication in the logs.php endpoint. An unauthenticated attacker can request a log file and read any file due to a path traversal vulnerability. Module Options msf use auxiliary/scanner/http/netalertxfileread msf auxiliarynetalertxfileread show actions ...actions... msf...
Metasploit Weekly Wrap-Up 02/14/2025
New module content 2 Unauthenticated RCE in NetAlertX Authors: Chebuya Rhino Security Labs and Takahiro Yokoyama Type: Exploit Pull request: 19868 contributed by Takahiro-Yoko Path: linux/http/netalertxrcecve202446506 AttackerKB reference: CVE-2024-46506 Description: A new module for an...
Unauthenticated RCE in NetAlertX
An attacker can update NetAlertX settings with no authentication, which results in RCE. Module Options msf use exploit/linux/http/netalertxrcecve202446506 msf exploitnetalertxrcecve202446506 show targets ...targets... msf exploitnetalertxrcecve202446506 set TARGET msf...
NetAlertX 24.9.12 Command Injection
An attacker can update NetAlertX settings with no authentication, which results in command injection. Versions 23.01.14 through 24.9.12 are affected. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
CVE-2024-46506: Unauthenticated RCE in NetAlertx
The post CVE-2024-46506: Unauthenticated RCE in NetAlertx appeared first on Rhino Security Labs...
PT-2025-2739 · Netalertx · Netalertx
Name of the Vulnerable Software and Affected Versions: NetAlertx (affected versions not specified). Description: The issue is related to an unauthenticated Remote Code Execution (RCE) in NetAlertx. The vulnerability is being actively exploited. No specific details about affected devices or real-world...
PT-2024-41092 · Netalertx
Name of the Vulnerable Software and Affected Versions: NetAlertX versions 24.7.18 through 24.10.12. Description: The issue allows unauthenticated file reading due to factors related to strpos and directory traversal, where an HTTP client can ignore a redirect. This is related to components/logs.ph...