10 matches found
NetAlertX 23.01.14–24.x < 24.10.12 - Remote Code Execution
NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as exploited in the wild in May 2025. This is related to settings.php and util.php. id: CVE-2024-46506 info: name:...
CVE-2024-46506
NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as exploited in the wild in May 2025. This is related to settings.php and util.php...
CVE-2024-46506
NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as exploited in the wild in May 2025. This is related to settings.php and util.php...
CVE-2024-46506
NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as exploited in the wild in May 2025. This is related to settings.php and util.php...
VulnCheck KEV: CVE-2024-46506
NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as exploited in the wild in May 2025. This is related to settings.php and util.php...
CVE-2024-46506
CVE-2024-46506 – NetAlertX RCE : NetAlertX versions 23.01.14 through 24.x before 24.10.12 are vulnerable to unauthenticated command injection via a settings update, caused by missing authentication on function=savesettings and related to settings.php and util.php. The issue could allow remote com...
Unauthenticated RCE in NetAlertX
An attacker can update NetAlertX settings with no authentication, which results in RCE. Module Options msf use exploit/linux/http/netalertxrcecve202446506 msf exploitnetalertxrcecve202446506 show targets ...targets... msf exploitnetalertxrcecve202446506 set TARGET msf...
NetAlertX 24.9.12 Command Injection
An attacker can update NetAlertX settings with no authentication, which results in command injection. Versions 23.01.14 through 24.9.12 are affected. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
CVE-2024-46506: Unauthenticated RCE in NetAlertx
The post CVE-2024-46506: Unauthenticated RCE in NetAlertx appeared first on Rhino Security Labs...
CVE-2024-46506
creationtimestamp| type| source ---|---|--- 2025-01-30 12:03:56+00:00| seen| https://bsky.app/profile/buherator.bsky.social/post/3lgxgwaf4e42q 2025-01-31 01:26:08+00:00| published-proof-of-concept| https://t.me/thebugbountyhunter/9588 2025-01-31 11:39:44+00:00| seen|...