CVE-2024-9166

CRITICAL NUCLEI

Atemio AM 520 HD Full HD Satellite Receiver < TitanNit 2.01 - Unauthenticated OS Command Injection via getcommand Query

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-9166. PoCs published by Andrysqui. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a Python-based scanner for CVE-2024-9166, which checks for vulnerable patterns and tests exploitation via command injection. It includes functionality for header analysis and multi-threaded scanning.

Description

The device enables an unauthorized attacker to execute system commands with elevated privileges. This exploit is facilitated through the use of the 'getcommand' query within the application, allowing the attacker to gain root access.

Exploits (1)

nomisec SCANNER 3 stars

by Andrysqui · poc

https://github.com/Andrysqui/CVE-2024-9166

View Code ZIP pw:eip

This repository contains a Python-based scanner for CVE-2024-9166, which checks for vulnerable patterns and tests exploitation via command injection. It includes functionality for header analysis and multi-threaded scanning.

Classification

Scanner 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: Unspecified web server (checks for Apache, nginx, IIS, PHP, OpenSSL, Tomcat)

No auth needed

Prerequisites: Network access to target · Vulnerable web application with command injection flaw

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

TitanNit Web Control 2.01/Atemio 7600 - Remote Code Execution

CRITICALVERIFIEDby DhiyaneshDk

FOFA: title="TitanNit Web Control"

References (1)

Core 1

Core References

Third Party Advisory, US Government Resource government-resource

https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-03

Scores

CVSS v4 9.3

EPSS 0.0151

EPSS Percentile 71.1%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-78

Status published

Products (1)

Atelmo/Atemio AM 520 HD Full HD Satellite Receiver < TitanNit 2.01

Published Sep 26, 2024

Tracked Since Feb 18, 2026