CVE-2024-51442

HIGH

Minidlna <v1.3.3 - Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-51442. PoCs published by mselbrede.

AI-analyzed exploit summary CVE-2024-51442 is a command injection vulnerability in minidlna/Readyshare <= 1.3.3. The flaw arises from improper handling of the `db_dir` parameter in `minidlna.conf`, allowing arbitrary command execution via `system()` calls in the `rescan` functionality and `-R` command-line parameter.

Description

Command Injection in Minidlna version v1.3.3 and before allows an attacker to execute arbitrary OS commands via a specially crafted minidlna.conf configuration file.

Exploits (1)

nomisec WORKING POC
by mselbrede · poc
https://github.com/mselbrede/CVE-2024-51442

CVE-2024-51442 is a command injection vulnerability in minidlna/Readyshare <= 1.3.3. The flaw arises from improper handling of the `db_dir` parameter in `minidlna.conf`, allowing arbitrary command execution via `system()` calls in the `rescan` functionality and `-R` command-line parameter.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: minidlna/Readyshare <= 1.3.3
No auth needed
Prerequisites: Ability to modify `minidlna.conf` or pass the `-R` parameter
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v3 8.8
EPSS 0.0223
EPSS Percentile 80.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-77
Status published
Published Jan 08, 2025
Tracked Since Feb 18, 2026