CVE-2024-22734

MEDIUM

AMCS Group Trux Waste Mgmt <7.19.0018.26912 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-22734. PoCs published by securekomodo.

AI-analyzed exploit summary This PoC exploits CVE-2024-22734 by reflecting into the AMCS Trux application's DLL to extract hardcoded database credentials and decryption keys. It decrypts a base64-encoded ciphertext from a configuration file using AES, revealing sensitive database credentials.

Description

An issue was discovered in AMCS Group Trux Waste Management Software before version 7.19.0018.26912, allows local attackers to obtain sensitive information via a static, hard-coded AES Key-IV pair in the TxUtilities.dll and TruxUser.cfg components.

Exploits (1)

nomisec WORKING POC 2 stars

by securekomodo · poc

https://github.com/securekomodo/CVE-2024-22734

View Code ZIP pw:eip

This PoC exploits CVE-2024-22734 by reflecting into the AMCS Trux application's DLL to extract hardcoded database credentials and decryption keys. It decrypts a base64-encoded ciphertext from a configuration file using AES, revealing sensitive database credentials.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: AMCS Trux 7.19.0018 (219580057)

No auth needed

Prerequisites: Access to TxUtilities.dll · Access to TruxUser.cfg file

MITRE ATT&CK

T1552.001 - Credentials In Files T1552.004 - Private Keys

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory

https://www.redlinecybersecurity.com/blog/cve-2024-22734

Scores

CVSS v3 6.2

EPSS 0.0073

EPSS Percentile 49.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-200

Status published

Products (1)

amcsgroup/trux_waste_management < 7.19.0018.26912

Published Apr 12, 2024

Tracked Since Feb 18, 2026