CVE-2024-51092

CRITICAL

LibreNMS Authenticated RCE (CVE-2024-51092)

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-51092. PoCs were published by murrant (Tony Murray) and Takahiro Yokoyama, including the Metasploit module exploits/linux/http/librenms_authenticated_rce_cve_2024_51092.

AI-analyzed exploit summary: This Metasploit module exploits CVE-2024-51092 in LibreNMS by leveraging authenticated directory name manipulation and configuration parameter alteration to achieve remote code execution via shell_exec() calls. It includes full exploit chain logic, from authentication to payload delivery.

Description

LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutController.php's index(), SettingsController.php's update(), and PollDevice.php's initRrdDirectory().

Exploits (1)

metasploit · WORKING POC · EXCELLENT
by murrant (Tony Murray), Takahiro Yokoyama · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/librenms_authenticated_rce_cve_2024_51092.rb

Classification: Working PoC (100%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: LibreNMS versions 24.9.0 to 24.9.1
Auth required
Prerequisites: Valid LibreNMS credentials · Network access to LibreNMS web interface · Cron job enabled for device polling
Analysis: devstral-2 · analyzed Feb 19, 2026

Scores

CVSS v3: 9.1
EPSS: 0.4411
EPSS Percentile: 97.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-78
Status: published
Products (2):
librenms/librenms < 24.10.0
librenms/librenms 0 - 24.10.0 (Packagist)
Published: May 08, 2026
Tracked Since: Feb 18, 2026