CVE-2024-38944
Published 2024-07-22
Priority: P267, critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 2.37% (81.7th percentile)
An issue in Intelight X-1L Traffic controller Maxtime v.1.9.6 allows a remote attacker to execute arbitrary code via the /cgi-bin/generateForm.cgi?formID=142 component.
Detection & IOCs
- Authentication bypass: unauthenticated HTTP GET/POST to /cgi-bin/generateForm.cgi?formID=142 on Intelight X-1L traffic controllers should be treated as an active exploitation attempt; no credentials are required to reach this endpoint.
- Monitor for requests to formID=142 specifically, as this parameter exposes the web security configuration panel allowing an attacker to disable authentication or harvest credentials.
- Alert on any unauthenticated access to the CGI web UI of devices running Linux 3.14.57 (Intelight x-1 platform), particularly requests to /cgi-bin/ paths without a prior authenticated session.
- Watch for configuration changes to the 'web security' setting (enabled → disabled) via the device UI, which would indicate an attacker has leveraged the bypass to remove authentication entirely.
- Affected version is Maxtime firmware 1.9.x; confirm device firmware version before applying detections to avoid false positives on patched or unrelated devices.
- The vulnerability requires network reachability to the controller's web UI; detections are only relevant if the management interface is exposed to untrusted networks.
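The first three detections above can be run over web access logs. The following is an added example, not code from this page or from the vendor: it assumes Common/Combined Log Format lines from a reverse proxy or sensor in front of the controller, and the names `classify`, `scan` and `SAMPLE` are hypothetical. It normalises the request target before matching so that re-encoded or differently cased requests are still flagged.

```python
import re
from urllib.parse import parse_qsl, unquote

# Assumed log source: Common/Combined Log Format lines from a reverse proxy
# or network sensor in front of the controller (the page specifies no format).
LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})')

TARGET_PATH = "/cgi-bin/generateform.cgi"  # endpoint named in the CVE text, lowercased
TARGET_FORM = "142"                        # formID named in the CVE text

def classify(line):
    """Return (severity, src, method, status) for a relevant line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    raw_path, _, query = m["target"].partition("?")
    # Normalise before matching: decode percent-escapes, collapse repeated
    # slashes and ignore case, so re-encoded requests are not missed.
    path = re.sub(r"/+", "/", unquote(raw_path)).lower()
    if not path.startswith("/cgi-bin/"):
        return None
    # parse_qsl percent-decodes names and values and keeps repeated parameters.
    form_ids = {v.strip() for k, v in parse_qsl(query) if k.lower() == "formid"}
    if path == TARGET_PATH and TARGET_FORM in form_ids:
        severity = "high"    # request for the web security configuration form
    else:
        severity = "review"  # other CGI access; session state is not visible here
    return severity, m["src"], m["method"], int(m["status"])

def scan(lines):
    """Classify every line and return only the relevant hits, in order."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample lines (documentation-range addresses, not real traffic).
SAMPLE = [
    '198.51.100.7 - - [22/Jul/2024:10:01:02 +0000] "GET /cgi-bin/generateForm.cgi?formID=142 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [22/Jul/2024:10:01:09 +0000] "POST /cgi-bin/generateForm.cgi?x=1&formid=%3142 HTTP/1.1" 200 310',
    '192.0.2.10 - - [22/Jul/2024:10:02:00 +0000] "GET /cgi-bin/generateForm.cgi?formID=3 HTTP/1.1" 200 900',
    '192.0.2.10 - - [22/Jul/2024:10:02:05 +0000] "GET /index.html?formID=142 HTTP/1.1" 200 120',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(*hit)
```

A POST that carries the form ID only in its body is not visible in these logs and lands in the "review" bucket, so pair this with the firmware-version and exposure checks listed above.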