CVE-2024-1212

CRITICAL KEV NUCLEI

LoadMaster 7.2.48.1-7.2.48.9 - Unauthenticated OS Command Injection

Exploitation Summary

CVE-2024-1212 is actively exploited and is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, where it was added on November 18, 2024. EIP tracks 5 public exploits, from researchers including Chocapikk, Rehan07-Human and r0otk3r, and including a Metasploit module, exploits/linux/http/progress_kemp_loadmaster_unauth_cmd_injection. A Nuclei detection template is also available.

Description

Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.

Exploits (5)

nomisec WORKING POC 18 stars
by Chocapikk · remote
https://github.com/Chocapikk/CVE-2024-1212

This repository contains a functional Python exploit for CVE-2024-1212, an unauthenticated command injection vulnerability in Kemp LoadMaster. The exploit includes both scanning and interactive shell capabilities, leveraging a crafted HTTP request to execute arbitrary commands.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Kemp LoadMaster
No auth needed
Prerequisites: Network access to the target Kemp LoadMaster instance
devstral-2 · analyzed Feb 18, 2026

nomisec WRITEUP 1 star
by Rehan07-Human · poc
https://github.com/Rehan07-Human/Exploiting-RCE-Cyber_Project_CVE-2024-1212

This repository contains a detailed technical writeup on exploiting CVE-2024-1212, an RCE vulnerability in Kemp LoadMaster. It includes reconnaissance steps, exploitation process, and mitigation strategies, but lacks actual exploit code.

Classification: Writeup (90%)
Attack Type: RCE
Complexity: Moderate
Reliability: Theoretical
Target: Kemp LoadMaster
No auth needed
Prerequisites: Publicly exposed Kemp LoadMaster servers · Tools like Shodan, Nuclei, and Link Gopher
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC
by r0otk3r · remote
https://github.com/r0otk3r/CVE-2024-1212

The repository contains a functional Python exploit for CVE-2024-1212, an unauthenticated command injection vulnerability in Progress Kemp LoadMaster. The exploit sends a crafted HTTP request to the `/access/set` endpoint to execute arbitrary commands.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Progress Kemp LoadMaster
No auth needed
Prerequisites: Network access to the target LoadMaster instance
devstral-2 · analyzed Feb 18, 2026

metasploit WORKING POC EXCELLENT
by Dave Yesland with Rhino Security Labs · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/progress_kemp_loadmaster_unauth_cmd_injection.rb

This Metasploit module exploits an unauthenticated command injection vulnerability in Progress Kemp LoadMaster by injecting payloads into the authorization header. It supports automatic and manual targeting modes, with payload execution controlled via a flag file to avoid duplicate sessions.

Classification: Working PoC (100%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Progress Kemp LoadMaster (versions after 7.2.48.1, excluding patched versions 7.2.59.2, 7.2.54.8, and 7.2.48.10)
No auth needed
Prerequisites: Network access to the target's HTTPS interface (port 443) · Vulnerable version of Kemp LoadMaster
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC EXCELLENT
by Dave Yesland with Rhino Security Labs, bwatters-r7 · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/progress_kemp_loadmaster_sudo_privesc_2024.rb

This Metasploit module exploits a sudo privilege escalation vulnerability in Progress Kemp LoadMaster by overwriting a writable binary (/bin/loadkeys) with a malicious payload, allowing local privilege escalation to root.

Classification: Working PoC (100%)
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Progress Kemp LoadMaster (versions allowing sudo elevation for /bin/loadkeys)
Auth required
Prerequisites: Local access to the system · Default 'bal' user or equivalent privileges · Writable /bin/loadkeys or similar sudo-permitted binary
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

Progress Kemp LoadMaster - Command Injection
CRITICAL VERIFIED by DhiyaneshDK
Shodan: html:"LoadMaster"

Scores

CVSS v3 10.0
EPSS 0.9430
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable yes
Technical Impact total

Details

CISA KEV 2024-11-18
VulnCheck KEV 2024-03-29
InTheWild.io 2024-11-18
ENISA EUVD EUVD-2024-16979
CWE CWE-78
Status published
Products (1)
progress/loadmaster 7.2.48.1 - 7.2.48.10
Published Feb 21, 2024
KEV Added Nov 18, 2024
Tracked Since Feb 18, 2026