CVE-2024-51092

LibreNMS Authenticated RCE (CVE-2024-51092)

Description

An authenticated attacker can create dangerous directory names on the system and alter sensitive configuration parameters through the web portal. Those two defects combined then allows to inject arbitrary OS commands inside shell_exec() calls, thus achieving arbitrary code execution.

Exploits (1)

metasploit WORKING POC EXCELLENT

by murrant (Tony Murray), Takahiro Yokoyama · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/librenms_authenticated_rce_cve_2024_51092.rb

View Code ZIP pw:eip

Details

Status draft

Tracked Since Feb 18, 2026