CVE-2024-32258

HIGH

fceux 2.7.0 - Unauthenticated Path Traversal and Arbitrary File Write via Fake ROM


Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-32258. PoCs published by secnotes.

AI-analyzed exploit summary: The repository contains a functional PoC for CVE-2024-32258, a path traversal vulnerability in FCEUX_NetPlay 2.7.0. The exploit demonstrates arbitrary file overwrite by sending crafted ROM load requests to the server, leveraging insufficient input validation in the file path handling.

Description

The network server of fceux 2.7.0 has a path traversal vulnerability that allows attackers to overwrite any file on the server, without authentication, by means of a fake ROM.

Exploits (1)

nomisec WORKING POC 3 stars
by secnotes · poc
https://github.com/secnotes/CVE-2024-32258

Classification
Classification: Working PoC 95%
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: FCEUX_NetPlay 2.7.0
No auth needed
Prerequisites: Network access to the FCEUX_NetPlay server · Server configured to accept ROM load requests
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 8.8
EPSS 0.0187
EPSS Percentile 76.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE CWE-22
Status published
Published Apr 23, 2024
Tracked Since Feb 18, 2026