CVE-2020-24032

CRITICAL

LPAR2RRD/STOR2RRD 2.70 - Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-24032. PoCs published by jet-pentest.

AI-analyzed exploit summary This repository contains a writeup for CVE-2020-24032, detailing an OS command injection vulnerability in XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances. The vulnerability allows remote command execution via shell metacharacters in the timezone parameter.

Description

tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cmd=set&tz=OS command injection via shell metacharacters in a timezone.

Exploits (1)

nomisec WRITEUP 1 stars
by jet-pentest · poc
https://github.com/jet-pentest/CVE-2020-24032

This repository contains a writeup for CVE-2020-24032, detailing an OS command injection vulnerability in XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances. The vulnerability allows remote command execution via shell metacharacters in the timezone parameter.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: XoruX LPAR2RRD and STOR2RRD Virtual Appliance version 2.70
No auth needed
Prerequisites: Network access to the vulnerable appliance
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Vendor Advisory x_refsource_misc
https://www.stor2rrd.com/download.php
Broken Link x_refsource_misc
https://pastebin.com/dHhawgx8
Third Party Advisory x_refsource_misc
https://pastebin.com/G8981Fj8

Scores

CVSS v3 9.8
EPSS 0.0537
EPSS Percentile 91.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (2)
xorux/lpar2rrd 2.7.0
xorux/stor2rrd 2.7.0
Published Aug 18, 2020
Tracked Since Feb 18, 2026