CVE-2024-24578

CRITICAL

RaspberryMatic unauthenticated Remote Code Execution vulnerability through HMServer File Upload.

Title source: metasploit

Description

RaspberryMatic is an open-source operating system for HomeMatic internet-of-things devices. RaspberryMatic / OCCU prior to version 3.75.6.20240316 contains a unauthenticated remote code execution (RCE) vulnerability, caused by multiple issues within the Java based `HMIPServer.jar` component. RaspberryMatric includes a Java based `HMIPServer`, that can be accessed through URLs starting with `/pages/jpages`. The `FirmwareController` class does however not perform any session id checks, thus this feature can be accessed without a valid session. Due to this issue, attackers can gain remote code execution as root user, allowing a full system compromise. Version 3.75.6.20240316 contains a patch.

Exploits (1)

metasploit WORKING POC EXCELLENT

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/raspberrymatic_unauth_rce_cve_2024_24578.rb

View Code ZIP pw:eip

References (1)

[Vendor Advisory, Exploit] https://github.com/jens-maus/RaspberryMatic/security/advisories/GHSA-q967-q4j8-637h

Scores

CVSS v3 10.0

EPSS 0.6421

EPSS Percentile 98.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-306 CWE-23

Status published

Products (1)

raspberrymatic/raspberrymatic < 3.75.6.20240316

Published Mar 18, 2024

Tracked Since Feb 18, 2026