CVE-2024-46627

CRITICAL NUCLEI

BECN DATAGERRY v2.2 - Improper Access Control

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-46627. PoCs published by d4lyw. A Nuclei detection template is also available.

AI-analyzed exploit summary: CVE-2024-46627 describes an incorrect access control vulnerability in BECN DATAGERRY v2.2, allowing unauthenticated attackers to manipulate user settings via REST API endpoints. The README provides details on affected endpoints, reproduction steps, and references to documentation.

Description

Incorrect access control in BECN DATAGERRY v2.2 allows attackers to execute arbitrary commands via crafted web requests.

Exploits (1)

nomisec WRITEUP
by d4lyw · poc
https://github.com/d4lyw/CVE-2024-46627

Classification: Writeup 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: BECN DATAGERRY v2.2
No auth needed
Prerequisites: Network access to the target application · Knowledge of valid user IDs
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

DATAGERRY - REST API Auth Bypass
CRITICAL · VERIFIED · by gy741
Shodan: http.title:"datagerry"

Scores

CVSS v3 9.1
EPSS 0.0392
EPSS Percentile 89.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE CWE-284
Status published
Published Sep 26, 2024
Tracked Since Feb 18, 2026