CVE-2024-40617

MEDIUM

FUJITSU Network Edgiot GW1500 - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-40617. PoCs published by KyssK00L.

AI-analyzed exploit summary This PoC exploits CVE-2024-40617 by modifying the /etc/passwd file via FTP and SSH to escalate privileges to a root shell. It automates the process of copying, modifying, and replacing the passwd file to inject a malicious entry.

Description

Path traversal vulnerability exists in FUJITSU Network Edgiot GW1500 (M2M-GW for FENICS). If a remote authenticated attacker with User Class privilege sends a specially crafted request to the affected product, access restricted files containing sensitive information may be accessed. As a result, Administrator Class privileges of the product may be hijacked.

Exploits (1)

nomisec WORKING POC 6 stars
by KyssK00L · poc
https://github.com/KyssK00L/CVE-2024-40617

This PoC exploits CVE-2024-40617 by modifying the /etc/passwd file via FTP and SSH to escalate privileges to a root shell. It automates the process of copying, modifying, and replacing the passwd file to inject a malicious entry.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Unknown (likely a network appliance or embedded system with FTP/SSH services)
Auth required
Prerequisites: SSH access with admin credentials · FTP access with admin credentials · Write access to /etc/passwd
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 6.5
EPSS 0.0142
EPSS Percentile 69.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-22
Status published
Products (1)
fujitsu/network_edgiot_gw1500_firmware < v02l19c01
Published Jul 17, 2024
Tracked Since Feb 18, 2026