CVE-2024-7591

CRITICAL NUCLEI

Kemptechnologies Loadmaster < 7.2.60.0 - OS Command Injection

Title source: rule

Description

Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.This issue affects: * LoadMaster: 7.2.40.0 and above * ECS: All versions * Multi-Tenancy: 7.1.35.4 and above

Exploits (1)

nomisec WORKING POC
by butyraldehyde · poc
https://github.com/butyraldehyde/CVE-2024-7591-PoC

Nuclei Templates (1)

Kemp LoadMaster Load Balancer - Unauthenticated Command Injection
CRITICALVERIFIEDby iamnoooob,rootxharsh,pdresearch
Shodan: html:"Kemp Login Screen"

References (2)

Scores

CVSS v3 10.0
EPSS 0.3146
EPSS Percentile 96.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (2)
kemptechnologies/loadmaster 7.2.40.0 - 7.2.60.0
kemptechnologies/multi-tenant_hypervisor_firmware 7.1.35.4 - 7.1.35.11
Published Sep 05, 2024
Tracked Since Feb 18, 2026