DCN DCME-320/DCME-320-L/DCME-520/DCME-720 up to 7.4.12.90/9.1.5.11/9.3.5.26/9.25.5.11 traceroute.php privilege escalation

Summaryinfo

A vulnerability described as critical has been identified in DCN DCME-320, DCME-320-L, DCME-520 and DCME-720 up to 7.4.12.90/9.1.5.11/9.3.5.26/9.25.5.11. The affected element is an unknown function of the file /function/system/tool/traceroute.php. Such manipulation leads to Remote Privilege Escalation. This vulnerability is traded as CVE-2024-52781. The attack may be launched remotely. There is no exploit available.

Detailsinfo

A vulnerability was found in DCN DCME-320, DCME-320-L, DCME-520 and DCME-720 up to 7.4.12.90/9.1.5.11/9.3.5.26/9.25.5.11. It has been rated as critical. Affected by this issue is an unknown code block of the file /function/system/tool/traceroute.php. The manipulation with an unknown input leads to a remote privilege escalation vulnerability. Impacted is confidentiality, integrity, and availability. CVE summarizes:

DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/tool/traceroute.php.

The advisory is shared for download at ba1100n.tech. This vulnerability is handled as CVE-2024-52781 since 11/15/2024. The exploitation is known to be easy. The attack may be launched remotely. There are known technical details, but no exploit is available.

By approaching the search of inurl:function/system/tool/traceroute.php it is possible to find vulnerable targets with Google Hacking.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Productinfo

Vendor

• DCN

Name

• DCME-320
• DCME-320-L
• DCME-520
• DCME-720

Version

• 7.4.12.0
• 7.4.12.1
• 7.4.12.2
• 7.4.12.3
• 7.4.12.4
• 7.4.12.5
• 7.4.12.6
• 7.4.12.7
• 7.4.12.8
• 7.4.12.9
• 7.4.12.10
• 7.4.12.11
• 7.4.12.12
• 7.4.12.13
• 7.4.12.14
• 7.4.12.15
• 7.4.12.16
• 7.4.12.17
• 7.4.12.18
• 7.4.12.19
• 7.4.12.20
• 7.4.12.21
• 7.4.12.22
• 7.4.12.23
• 7.4.12.24
• 7.4.12.25
• 7.4.12.26
• 7.4.12.27
• 7.4.12.28
• 7.4.12.29
• 7.4.12.30
• 7.4.12.31
• 7.4.12.32
• 7.4.12.33
• 7.4.12.34
• 7.4.12.35
• 7.4.12.36
• 7.4.12.37
• 7.4.12.38
• 7.4.12.39
• 7.4.12.40
• 7.4.12.41
• 7.4.12.42
• 7.4.12.43
• 7.4.12.44
• 7.4.12.45
• 7.4.12.46
• 7.4.12.47
• 7.4.12.48
• 7.4.12.49
• 7.4.12.50
• 7.4.12.51
• 7.4.12.52
• 7.4.12.53
• 7.4.12.54
• 7.4.12.55
• 7.4.12.56
• 7.4.12.57
• 7.4.12.58
• 7.4.12.59
• 7.4.12.60
• 7.4.12.61
• 7.4.12.62
• 7.4.12.63
• 7.4.12.64
• 7.4.12.65
• 7.4.12.66
• 7.4.12.67
• 7.4.12.68
• 7.4.12.69
• 7.4.12.70
• 7.4.12.71
• 7.4.12.72
• 7.4.12.73
• 7.4.12.74
• 7.4.12.75
• 7.4.12.76
• 7.4.12.77
• 7.4.12.78
• 7.4.12.79
• 7.4.12.80
• 7.4.12.81
• 7.4.12.82
• 7.4.12.83
• 7.4.12.84
• 7.4.12.85
• 7.4.12.86
• 7.4.12.87
• 7.4.12.88
• 7.4.12.89
• 7.4.12.90
• 9.1.5.0
• 9.1.5.1
• 9.1.5.2
• 9.1.5.3
• 9.1.5.4
• 9.1.5.5
• 9.1.5.6
• 9.1.5.7
• 9.1.5.8
• 9.1.5.9
• 9.1.5.10
• 9.1.5.11
• 9.3.5.0
• 9.3.5.1
• 9.3.5.2
• 9.3.5.3
• 9.3.5.4
• 9.3.5.5
• 9.3.5.6
• 9.3.5.7
• 9.3.5.8
• 9.3.5.9
• 9.3.5.10
• 9.3.5.11
• 9.3.5.12
• 9.3.5.13
• 9.3.5.14
• 9.3.5.15
• 9.3.5.16
• 9.3.5.17
• 9.3.5.18
• 9.3.5.19
• 9.3.5.20
• 9.3.5.21
• 9.3.5.22
• 9.3.5.23
• 9.3.5.24
• 9.3.5.25
• 9.3.5.26
• 9.25.5.0
• 9.25.5.1
• 9.25.5.2
• 9.25.5.3
• 9.25.5.4
• 9.25.5.5
• 9.25.5.6
• 9.25.5.7
• 9.25.5.8
• 9.25.5.9
• 9.25.5.10
• 9.25.5.11

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Discussion