CVE-2024-46627
Published 2024-09-26. CVE-2024-46627: Incorrect access control in BECN DATAGERRY v2.2 allows attackers to execute arbitrary commands via crafted web requests.
Priority P270 · critical · 9.1 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploit · EPSS 3.92% (89.0th percentile)
Detection & IOCs (extracted from sources)
- Unauthenticated GET request to /rest/users/1/settings/ returning JSON with fields 'response_type', 'model', and 'time' in the body with Content-Type application/json indicates successful auth bypass exploitation.
- Shodan query 'http.title:"datagerry"' can be used to identify exposed DATAGERRY instances potentially vulnerable to CVE-2024-46627.
- Vulnerability is specific to BECN DATAGERRY v2.2; other versions may not be affected.
No detection rules found.
Nuclei template: CVE-2024-46627 [CRITICAL] DATAGERRY - REST API Auth Bypass (CVSS 9.1)
Incorrect access control in BECN DATAGERRY v2.2 allows attackers to execute arbitrary commands via crafted web requests.
Template:
id: CVE-2024-46627
info:
  name: DATAGERRY - REST API Auth Bypass
  author: gy741
  severity: critical
  description: |
    Incorrect access control in BECN DATAGERRY v2.2 allows attackers to execute arbitrary commands via crafted web requests.
  remediation: |
    Apply the latest security patches and updates from the vendor to address this vulnerability.
  impact: |
    Allows unauthorized access to REST API
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2024-46627
    - https://daly.wtf/cve-2024-46627-incorrect-access-control-in-becn-datagerry-v2-2-allows-attackers-to-execute-arbitrary-commands-via-crafted-web-requests/
    - https://datagerry.com/
No writeups or analysis indexed.
Published: 2024-09-26