CVE-2024-55457

MEDIUM EXPLOITED NUCLEI

MasterSAM Star Gate 11 - Path Traversal

Title source: llm

Exploitation Summary

CVE-2024-55457 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including iSee857, h13nh04ng. A Nuclei detection template is also available.

AI-analyzed exploit summary The repository contains a functional exploit for CVE-2026-22812, targeting OpenCode for remote command execution (RCE). The script establishes a session, then sends a crafted JSON payload to execute the 'id' command, verifying vulnerability by checking for 'uid=' and 'gid=' in the response.

Description

MasterSAM Star Gate 11 is vulnerable to directory traversal via /adama/adama/downloadService. An attacker can exploit this vulnerability by manipulating the file parameter to access arbitrary files on the server, potentially exposing sensitive information.

Exploits (2)

github WORKING POC 40 stars

by iSee857 · pythonpoc

https://github.com/iSee857/CVE-PoC/tree/main/MasterSAM_downloadService(CVE-2024-55457).py

View Code ZIP pw:eip

The repository contains a functional exploit for CVE-2026-22812, targeting OpenCode for remote command execution (RCE). The script establishes a session, then sends a crafted JSON payload to execute the 'id' command, verifying vulnerability by checking for 'uid=' and 'gid=' in the response.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: OpenCode (version unspecified)

No auth needed

Prerequisites: Network access to the target · OpenCode service exposed on the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 27, 2026 Full analysis →

nomisec WRITEUP

by h13nh04ng · remote

https://github.com/h13nh04ng/CVE-2024-55457-PoC

View Code ZIP pw:eip

This repository contains a writeup describing a directory traversal vulnerability in MasterSAM Star Gate v11. The vulnerability allows unauthenticated attackers to access arbitrary files on the server via the /adama/adama/downloadService endpoint by manipulating the file parameter.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: MasterSAM Star Gate v11

No auth needed

Prerequisites: Network access to the target server

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

MasterSAM Star Gate v11 - Local File Inclusion

HIGHVERIFIEDby DhiyaneshDK

Shodan: html:"MasterSAM"

References (1)

Core 1

Core References

Various Sources

https://github.com/h13nh04ng/CVE-2024-55457-PoC

Scores

CVSS v3 6.5

EPSS 0.0301

EPSS Percentile 85.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

VulnCheck KEV 2025-06-27

CWE

CWE-22

Status published

Published Feb 20, 2025

Tracked Since Feb 18, 2026