CVE-2024-0305

MEDIUM EXPLOITED NUCLEI

Ncast < 2017 - Information Disclosure

Title source: rule

Description

A vulnerability was found in Guangzhou Yingke Electronic Technology Ncast up to 2017 and classified as problematic. Affected by this issue is some unknown functionality of the file /manage/IPSetup.php of the component Guest Login. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249872.

Exploits (1)

nomisec WORKING POC 1 stars

by jidle123 · remote

https://github.com/jidle123/cve-2024-0305exp

View Code ZIP pw:eip

Nuclei Templates (1)

Ncast busiFacade - Remote Command Execution

HIGHVERIFIEDby BMCel

Shodan: http.title:"高清智能录播系统"

FOFA:

app="Ncast-产品" && title=="高清智能录播系统" || title="高清智能录播系统" || app="ncast-产品" && title=="高清智能录播系统"

References (3)

[Exploit] https://github.com/2267787739/cve/blob/main/logic.md

[Permissions Required, Third Party Advisory] https://vuldb.com/?ctiid.249872

[Permissions Required, Third Party Advisory] https://vuldb.com/?id.249872

Scores

CVSS v3 5.3

EPSS 0.9363

EPSS Percentile 99.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

VulnCheck KEV 2024-03-17

CWE

CWE-200

Status published

Products (1)

ncast_project/ncast 2007 - 2017

Published Jan 08, 2024

Tracked Since Feb 18, 2026