CVE-2024-46627
published 2024-09-26

CVE-2024-46627: Incorrect access control in BECN DATAGERRY v2.2 allows attackers to execute arbitrary commands via crafted web requests.

Priority: P2 · 70 | Severity: critical | CVSS 3.1: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EXPLOIT
EPSS: 3.92% (89.0th percentile)

Detection & IOCs (extracted from sources)

url: /rest/users/1/settings/
  • Unauthenticated GET request to /rest/users/1/settings/ returning JSON with fields 'response_type', 'model', and 'time' in the body with Content-Type application/json indicates successful auth bypass exploitation.
  • Shodan query 'http.title:"datagerry"' can be used to identify exposed DATAGERRY instances potentially vulnerable to CVE-2024-46627.
  • Vulnerability is specific to BECN DATAGERRY v2.2; other versions may not be affected.