CVE-2024-48766

HIGH EXPLOITED NUCLEI

NetAlertX 24.7.18-24.10.12 - Unauthenticated Path Traversal and Arbitrary File Read via logs.php

Title source: llm

Exploitation Summary

CVE-2024-48766 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including halilkirazkaya, chebuya, msutovsky-r7, including a Metasploit module auxiliary/scanner/http/netalertx_file_read. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains functional exploit code for multiple CVEs, including remote file inclusion, path traversal, and unauthorized file deletion vulnerabilities. Each PoC includes HTTP requests or commands to exploit the respective vulnerabilities.

Description

NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and because of factors related to strpos and directory traversal, as exploited in the wild in May 2025. This is related to components/logs.php.

Exploits (2)

github WORKING POC 4 stars

by halilkirazkaya · poc

https://github.com/halilkirazkaya/cve-poc-garage/tree/main/2024/CVE-2024-48766.md

View Code ZIP pw:eip

This repository contains functional exploit code for multiple CVEs, including remote file inclusion, path traversal, and unauthorized file deletion vulnerabilities. Each PoC includes HTTP requests or commands to exploit the respective vulnerabilities.

Classification

Working Poc 95%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Various (WordPress plugins, QNAP Photo Station, IBM Data Risk Manager, etc.)

No auth needed

Prerequisites: Network access to the target system · Specific software versions as listed in each CVE

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 27, 2026 Full analysis →

metasploit WORKING POC

by chebuya, msutovsky-r7 · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/netalertx_file_read.rb

View Code ZIP pw:eip

This Metasploit module exploits an unauthenticated path traversal vulnerability in NetAlertX's logs.php endpoint to read arbitrary files. It sends a crafted POST request with a traversal payload to leak file contents, such as /etc/passwd.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: NetAlertX versions 24.7.18 to 24.9.12

No auth needed

Prerequisites: Network access to the target's HTTP service on port 20211

MITRE ATT&CK

T1005 - Data from Local System T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

NetAlert X - Arbitary File Read

CRITICALVERIFIEDby s4e-io

FOFA: NetAlert X

References (2)

Core 2

Core References

Exploit

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/netalertx_file_read.rb

Exploit, Mitigation, Third Party Advisory

https://rhinosecuritylabs.com/research/cve-2024-46506-rce-in-netalertx/

Scores

CVSS v3 8.6

EPSS 0.5405

EPSS Percentile 98.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

VulnCheck KEV 2025-05-12

CWE

CWE-22 CWE-698

Status published

Products (1)

netalertx/netalertx 24.7.18 - 24.10.12

Published May 13, 2025

Tracked Since Feb 18, 2026