CVE-2024-37770

CRITICAL

14Finger v1.1 - Remote Code Execution via Fingerprint Function

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-37770. PoCs published by k3ppf0r.

AI-analyzed exploit summary The repository provides a detailed technical analysis of CVE-2024-37770, an RCE vulnerability in 14Finger v1.1. It includes screenshots of the vulnerable code path and explains how command injection occurs via the `crawl_site()` function when `only_spider` is false.

Description

14Finger v1.1 was discovered to contain a remote command execution (RCE) vulnerability in the fingerprint function. This vulnerability allows attackers to execute arbitrary commands via a crafted payload.

Exploits (1)

nomisec WRITEUP 1 stars

by k3ppf0r · poc

https://github.com/k3ppf0r/CVE-2024-37770

View Code ZIP pw:eip

The repository provides a detailed technical analysis of CVE-2024-37770, an RCE vulnerability in 14Finger v1.1. It includes screenshots of the vulnerable code path and explains how command injection occurs via the `crawl_site()` function when `only_spider` is false.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: 14Finger v1.1

No auth needed

Prerequisites: Network access to the target server · Ability to send crafted HTTP requests

MITRE ATT&CK

T1202 - Indirect Command Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Issue Tracking, Vendor Advisory

https://github.com/b1ackc4t/14Finger/issues/13

Exploit, Third Party Advisory

https://github.com/k3ppf0r/CVE-2024-37770

Scores

CVSS v3 9.1

EPSS 0.0157

EPSS Percentile 72.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-94

Status published

Products (1)

b1ackc4t/14finger 1.1

Published Jul 10, 2024

Tracked Since Feb 18, 2026