CVE-2024-9166
Published 2024-09-26
Priority P267 · critical · 9.3 (CVSS 4.0)
CVSS 4.0 vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EXPLOIT
EPSS: 1.51% (71.3th percentile)
The device enables an unauthorized attacker to execute system commands with elevated privileges. This exploit is facilitated through the use of the 'getcommand' query within the application, allowing the attacker to gain root access.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atelmo | atemio_am_520_hd_full_hd_satellite_receiver | <= TitanNit 2.01 | — |
Detection & IOCs
- Detect exploitation attempts by monitoring HTTP GET requests to the /query endpoint containing the 'getcommand' parameter, especially combined with a 'cmd' parameter carrying shell commands.
- Responses from a vulnerable TitanNit Web Control device will contain 'titan.css' in the body; use this as a fingerprint to confirm the target is a TitanNit device.
- Use FOFA or similar asset-discovery tools to identify exposed TitanNit Web Control instances by searching for the page title 'TitanNit Web Control'.
- The exploit is unauthenticated (no credentials required) and requires only a single crafted GET request; alert on any external/internet-sourced request to /query?getcommand= on ICS/satellite-receiver devices.
- The vulnerable parameter is 'getcommand' within the /query endpoint; the injected command is passed via the 'cmd' query parameter. Both parameters must be present in the request for the injection to trigger.
- Affected product (Atemio AM 520 HD running TitanNit 2.01 and prior) has been discontinued by the vendor with no patch available; no service or support addresses can be contacted.
- The Nuclei template uses an out-of-band (OAST/interactsh) callback to confirm code execution; detections relying solely on response body may miss blind RCE cases where the command output is not reflected.
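
The request-side checks from the list above, as an added example (not taken from the Nuclei template or any source indexed here): a Python filter over web access logs that flags `/query` requests carrying `getcommand` and grades them by whether `cmd` is also present, so it does not depend on command output being reflected. The combined log format (for instance from a proxy in front of the device), the `TRUSTED_NETS` management range and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: requests from this management LAN are expected; all else is external.
TRUSTED_NETS = [ipaddress.ip_network("192.168.1.0/24")]

# Common/combined log format: client address first, then the quoted request line.
LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]*\] "\S+ (?P<target>\S+) [^"]*"')

def classify(line):
    """Return None for unrelated lines, else a dict describing the hit."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    if unquote(url.path).rstrip("/").lower() != "/query":
        return None
    # parse_qs percent-decodes names and values, so encoded parameter names
    # still match; blanks are kept because the pattern is /query?getcommand=
    qs = parse_qs(url.query, keep_blank_values=True)
    params = {name.lower(): values for name, values in qs.items()}
    if "getcommand" not in params:
        return None
    try:
        ip = ipaddress.ip_address(m["src"])
        external = not any(ip in net for net in TRUSTED_NETS)
    except ValueError:
        external = True  # hostname or junk in the client field: treat as untrusted
    return {
        "src": m["src"],
        "external": external,
        "cmd": params.get("cmd", [""])[0],
        # Both parameters present = injection attempt; getcommand alone = probe.
        "verdict": "injection-attempt" if "cmd" in params else "probe",
    }

def scan(lines):
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample lines (documentation-range addresses, harmless commands).
SAMPLE_LOG = [
    '203.0.113.7 - - [26/Sep/2024:10:00:01 +0000] "GET /query?getcommand=&cmd=id HTTP/1.1" 200 31',
    '198.51.100.9 - - [26/Sep/2024:10:00:05 +0000] "GET /query?%67etcommand=&cmd=uname%20-a HTTP/1.1" 200 0',
    '192.168.1.20 - - [26/Sep/2024:10:00:09 +0000] "GET /query?getcommand= HTTP/1.1" 200 0',
    '203.0.113.7 - - [26/Sep/2024:10:00:12 +0000] "GET / HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Because the product is discontinued with no patch, a hit with `external` set is better treated as a reason to remove the device from reachable networks than as a tuning problem.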
GHSA
GHSA-279c-3782-hjv5: The device enables an unauthorized attacker to execute system commands with elevated privileges
ghsa_unreviewed·2024-09-26
CVE-2024-9166 [CRITICAL] CWE-78 GHSA-279c-3782-hjv5: The device enables an unauthorized attacker to execute system commands with elevated privileges
CISA ICS
Atelmo Atemio AM 520 HD Full HD Satellite Receiver
cisa_ics·2024-09-26·CVSS 9.3
[CRITICAL] Atelmo Atemio AM 520 HD Full HD Satellite Receiver
ICS Advisory
## Atelmo Atemio AM 520 HD Full HD Satellite Receiver
Release Date: September 26, 2024
Alert Code: ICSA-24-270-03
## 1. EXECUTIVE SUMMARY
- CVSS v4 9.3
- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
- Vendor: Atelmo
- Equipment: Atemio AM 520 HD Full HD Satellite Receiver
- Vulnerability: OS Command Injection
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an unauthorized attacker to execute system commands with elevated privileges.
## 3. TECHNICAL DETAILS
### 3.1 AFFECTED PRODUCTS
The following versions of Atelmo Atemio AM 520 HD, a satellite receiver, are affected:
- Atemio A
No detection rules found.
Nuclei
TitanNit Web Control 2.01/Atemio 7600 - Remote Code Execution
nuclei·CVSS 9.3
CVE-2024-9166 [CRITICAL] TitanNit Web Control 2.01/Atemio 7600 - Remote Code Execution
The device contains a command injection caused by the 'getcommand' query in the application, letting unauthorized attackers execute system commands with root privileges; the exploit requires the attacker to send crafted requests.
Template:
```yaml
id: CVE-2024-9166
info:
  name: TitanNit Web Control 2.01/Atemio 7600 - Remote Code Execution
  author: DhiyaneshDk
  severity: critical
  description: |
    The device contains a command injection caused by the 'getcommand' query in the application, letting unauthorized attackers execute system commands with root privileges, exploit requires attacker to send crafted requests.
  impact: |
    Unauthenticated attackers can execute arbitrary system commands with root privileges through command injection in the getcom
```
No writeups or analysis indexed.