CVE-2024-44373 in AllSkyinfo

Summary

by MITRE • 08/19/2025

A Path Traversal vulnerability in AllSky v2023.05.01 through v2024.12.06_06 allows an unauthenticated attacker to create a webshell and remote code execution via the path, content parameter to /includes/save_file.php.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 12/03/2025

This vulnerability represents a critical path traversal flaw in the AllSky camera software ecosystem that affects versions ranging from v2023.05.01 through v2024.12.06_06. The vulnerability specifically exists within the /includes/save_file.php endpoint which processes file operations without adequate input validation or sanitization. An attacker can exploit this weakness by manipulating the path and content parameters to write arbitrary files to the filesystem, potentially enabling the creation of persistent webshells that provide continuous remote access to the affected system.

The technical implementation of this vulnerability stems from insufficient validation of user-supplied input parameters, particularly in how the application handles file paths during the save_file operation. When an attacker submits malicious input through the content parameter combined with a crafted path, the application fails to properly sanitize or validate these inputs, allowing an attacker to traverse the filesystem and write files to arbitrary locations. This type of vulnerability is classified as CWE-22 Path Traversal and falls under the broader category of insecure file handling practices. The lack of authentication requirements means that any remote user can exploit this vulnerability without requiring valid credentials, significantly amplifying the attack surface and potential impact.

The operational impact of this vulnerability is severe as it enables complete system compromise through remote code execution capabilities. An attacker who successfully exploits this vulnerability can establish persistent backdoors, install additional malicious software, and maintain long-term access to the affected AllSky system. The vulnerability affects the core functionality of the camera software and can potentially allow attackers to access sensitive data, modify system configurations, or even use the compromised device as a pivot point for attacking other systems within the network. This vulnerability directly maps to ATT&CK technique T1505.003 for web shell deployment and T1059.001 for command and script injection, representing a significant threat to IoT device security and network infrastructure.

Mitigation strategies should focus on immediate patching of affected versions to address the root cause of the path traversal vulnerability. Organizations should implement input validation controls that properly sanitize all user-supplied parameters, particularly those used in file operations. Network segmentation and access controls should be enforced to limit exposure of the AllSky system to untrusted networks. Additionally, implementing proper authentication mechanisms and restricting file write permissions on the web server can significantly reduce the attack surface. Regular security audits and penetration testing should be conducted to identify similar vulnerabilities in other components of the system. The vulnerability also highlights the importance of secure coding practices and input validation in IoT applications, particularly those handling user-provided data in file system operations.

Responsible

MITRE

Reservation

08/21/2024

Disclosure

08/19/2025

Moderation

accepted

CPE

ready

EPSS

0.01117

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!