CVE-2024-24578

CRITICAL

RaspberryMatic unauthenticated Remote Code Execution vulnerability through HMServer File Upload.

Title source: metasploit

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-24578. Includes Metasploit module exploits/linux/http/raspberrymatic_unauth_rce_cve_2024_24578.

AI-analyzed exploit summary This Metasploit module exploits CVE-2024-24578, an unauthenticated RCE vulnerability in RaspberryMatic via a Zip Slip attack. It uploads a malicious .tgz file to overwrite the watchdog script, achieving root execution through a cron job.

Description

RaspberryMatic is an open-source operating system for HomeMatic internet-of-things devices. RaspberryMatic / OCCU prior to version 3.75.6.20240316 contains a unauthenticated remote code execution (RCE) vulnerability, caused by multiple issues within the Java based `HMIPServer.jar` component. RaspberryMatric includes a Java based `HMIPServer`, that can be accessed through URLs starting with `/pages/jpages`. The `FirmwareController` class does however not perform any session id checks, thus this feature can be accessed without a valid session. Due to this issue, attackers can gain remote code execution as root user, allowing a full system compromise. Version 3.75.6.20240316 contains a patch.

Exploits (1)

metasploit WORKING POC EXCELLENT

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/raspberrymatic_unauth_rce_cve_2024_24578.rb

View Code ZIP pw:eip

This Metasploit module exploits CVE-2024-24578, an unauthenticated RCE vulnerability in RaspberryMatic via a Zip Slip attack. It uploads a malicious .tgz file to overwrite the watchdog script, achieving root execution through a cron job.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: RaspberryMatic <= 3.73.9.20240130

No auth needed

Prerequisites: Network access to the target's web interface · Target running vulnerable RaspberryMatic version

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory, Exploit x_refsource_confirm

https://github.com/jens-maus/RaspberryMatic/security/advisories/GHSA-q967-q4j8-637h

Scores

CVSS v3 10.0

EPSS 0.0874

EPSS Percentile 94.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-306 CWE-23

Status published

Products (1)

raspberrymatic/raspberrymatic < 3.75.6.20240316

Published Mar 18, 2024

Tracked Since Feb 18, 2026