CVE-2024-54910

MEDIUM

Hasleo Backup Suite Free <4.9.4 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-54910. PoCs published by KrakenEU.

AI-analyzed exploit summary This repository contains a detailed writeup explaining how to exploit CVE-2024-54910, a vulnerability in Hasleo Backup Suite Free <= 4.9.4 that allows arbitrary file writes via symbolic links during backup recovery, leading to privilege escalation on Windows systems.

Description

Hasleo Backup Suite Free v4.9.4 and before is vulnerable to Insecure Permissions via the File recovery function.

Exploits (1)

nomisec WRITEUP 3 stars

by KrakenEU · poc

https://github.com/KrakenEU/CVE-2024-54910

View Code ZIP pw:eip

This repository contains a detailed writeup explaining how to exploit CVE-2024-54910, a vulnerability in Hasleo Backup Suite Free <= 4.9.4 that allows arbitrary file writes via symbolic links during backup recovery, leading to privilege escalation on Windows systems.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Hasleo Backup Suite Free <= 4.9.4

Auth required

Prerequisites: Low-privileged user access · Hasleo Backup Suite Free <= 4.9.4 installed · Ability to create symbolic links

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548.002 - Bypass User Account Control

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Various Sources

https://github.com/KrakenEU/CVE-2024-54910

Various Sources

https://www.easyuefi.com/backup-software/backup-suite-free.html

Scores

CVSS v3 4.7

EPSS 0.0039

EPSS Percentile 30.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-732

Status published

Published Jan 10, 2025

Tracked Since Feb 18, 2026