CVE-2024-39178

MEDIUM

MyPower vc8100 V100R001C00B030 - Path Traversal via tcpdump.php menu_uuid Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-39178. PoCs published by WarmBrew.

AI-analyzed exploit summary The repository contains detailed technical writeups for multiple CVEs, including CVE-2024-39178, with descriptions, affected versions, and vulnerability types. It includes code snippets and HTTP request examples for some vulnerabilities but lacks functional exploit code.

Description

MyPower vc8100 V100R001C00B030 was discovered to contain an arbitrary file read vulnerability via the component /tcpdump/tcpdump.php?menu_uuid.

Exploits (1)

github WRITEUP 3 stars

by WarmBrew · poc

https://github.com/WarmBrew/web_vul/tree/main/CVES/CVE-2024-39178.md

View Code ZIP pw:eip

The repository contains detailed technical writeups for multiple CVEs, including CVE-2024-39178, with descriptions, affected versions, and vulnerability types. It includes code snippets and HTTP request examples for some vulnerabilities but lacks functional exploit code.

Classification

Writeup 90%

Attack Type

Other

Complexity

Moderate

Reliability

Theoretical

Target: MyPower vc8100 V100R001C00B030

No auth needed

Prerequisites: knowledge of the vulnerability · access to the target system

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (2)

Core 2

Core References

Various Sources

https://github.com/WarmBrew/web_vul/blob/main/CVES/CVE-2024-39178.md

View Writeup ZIP pw:eip

Various Sources

https://github.com/WarmBrew/web_vul/blob/main/Maipu/MyPower%20vc8100/MyPower_vc8100.md

Scores

CVSS v3 5.4

EPSS 0.0035

EPSS Percentile 27.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-22

Status published

Published Jul 05, 2024

Tracked Since Feb 18, 2026