CVE-2024-55457
published 2025-02-20


Priority: P276
CVSS 3.1: 6.5 (medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Exploitation status: exploited in the wild (ITW exploit); listed in VulnCheck KEV; tactic: initial access
EPSS: 3.01% (85.7th percentile)
MasterSAM Star Gate 11 is vulnerable to directory traversal via /adama/adama/downloadService. An attacker can exploit this vulnerability by manipulating the file parameter to access arbitrary files on the server, potentially exposing sensitive information.

Detection & IOCs (extracted from sources)

url: /adama/adama/downloadService?type=1&file=../../../../etc/passwd
path: /adama/adama/downloadService
  • HTTP GET request to /adama/adama/downloadService with directory traversal sequences in the 'file' parameter (e.g., ../../../../etc/passwd) indicates active exploitation.
  • Successful exploitation returns HTTP 200 with Content-Type header containing 'application/octet-stream' and 'filename=' alongside a Unix passwd file pattern in the response body.
  • Shodan query 'html:"MasterSAM"' can be used to identify internet-exposed MasterSAM Star Gate instances potentially vulnerable to CVE-2024-55457.
  • No authentication is required to exploit this vulnerability; monitor for unauthenticated GET requests to /adama/adama/downloadService with traversal sequences.
  • The vulnerability is specific to MasterSAM Star Gate version 11; other versions have not been confirmed as affected.

CVSS provenance

NVD: CVSS v3.1, 6.5 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
VulnCheck: 6.5 MEDIUM