CVE-2024-0305

MEDIUM EXPLOITED NUCLEI

Ncast < 2017 - Exposure of Sensitive Information via Guest Login

Title source: llm

Exploitation Summary

CVE-2024-0305 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including jidle123. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a functional Python exploit for CVE-2024-0305, targeting Ncast盈可视高清智能录播系统. The exploit sends a crafted POST request to '/classes/common/busiFacade.php' with a payload that executes arbitrary commands via a 'ping' command injection.

Description

A vulnerability was found in Guangzhou Yingke Electronic Technology Ncast up to 2017 and classified as problematic. Affected by this issue is some unknown functionality of the file /manage/IPSetup.php of the component Guest Login. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249872.

Exploits (1)

nomisec WORKING POC 1 stars

by jidle123 · remote

https://github.com/jidle123/cve-2024-0305exp

View Code ZIP pw:eip

This repository contains a functional Python exploit for CVE-2024-0305, targeting Ncast盈可视高清智能录播系统. The exploit sends a crafted POST request to '/classes/common/busiFacade.php' with a payload that executes arbitrary commands via a 'ping' command injection.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Ncast盈可视高清智能录播系统 (Ncast 2007, Ncast 2017)

No auth needed

Prerequisites: Network access to the target system · Target system running vulnerable Ncast software

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Nuclei Templates (1)

Ncast busiFacade - Remote Command Execution

HIGHVERIFIEDby BMCel

Shodan: http.title:"高清智能录播系统"

FOFA:

app="Ncast-产品" && title=="高清智能录播系统" || title="高清智能录播系统" || app="ncast-产品" && title=="高清智能录播系统"

References (3)

Core 3

Core References

Permissions Required, Third Party Advisory vdb-entry

https://vuldb.com/?id.249872

Permissions Required, Third Party Advisory signature permissions-required

https://vuldb.com/?ctiid.249872

Exploit exploit

https://github.com/2267787739/cve/blob/main/logic.md

View Exploit ZIP pw:eip

Scores

CVSS v3 5.3

EPSS 0.6693

EPSS Percentile 99.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

VulnCheck KEV 2024-03-17

CWE

CWE-200

Status published

Products (1)

ncast_project/ncast 2007 - 2017

Published Jan 08, 2024

Tracked Since Feb 18, 2026