CVE-2024-36424

MEDIUM

K7 Ultimate Security <17.0.2019 - DoS

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2024-36424. PoCs published by M. Akil Gündoğan, secunnix.

AI-analyzed exploit summary This PoC demonstrates a null pointer dereference vulnerability in K7 Ultimate Security's K7RKScan.sys driver (version < 17.0.2019) via IOCTL 0x222010, leading to a BSOD. The exploit opens a handle to the driver and sends a crafted DeviceIoControl request with a null input buffer.

Description

K7RKScan.sys in K7 Ultimate Security before 17.0.2019 allows local users to cause a denial of service (BSOD) because of a NULL pointer dereference.

Exploits (2)

exploitdb WORKING POC
by M. Akil Gündoğan · pythonremotemultiple
https://www.exploit-db.com/exploits/52158

This PoC demonstrates a null pointer dereference vulnerability in K7 Ultimate Security's K7RKScan.sys driver (version < 17.0.2019) via IOCTL 0x222010, leading to a BSOD. The exploit opens a handle to the driver and sends a crafted DeviceIoControl request with a null input buffer.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: K7 Ultimate Security < v17.0.2019 (K7RKScan.sys driver)
No auth needed
Prerequisites: K7 Ultimate Security < v17.0.2019 installed · Driver loaded (K7RKScan.sys)
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC 3 stars
by secunnix · poc
https://github.com/secunnix/CVE-2024-36424

The repository contains a functional proof-of-concept exploit for CVE-2024-36424, a null pointer dereference vulnerability in K7 Ultimate Security's K7RKScan.sys driver. The PoC triggers a BSOD by sending a crafted IOCTL request with a null input buffer to the vulnerable driver.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: K7 Ultimate Security < v17.0.2019
No auth needed
Prerequisites: K7 Ultimate Security < v17.0.2019 installed · K7RKScan.sys driver loaded
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 5.5
EPSS 0.0099
EPSS Percentile 58.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-476
Status published
Products (1)
k7computing/k7_ultimate_security < 17.0.2019
Published Aug 06, 2024
Tracked Since Feb 18, 2026