CVERadar

CVE-2024-45416

Medium Severity

SVRS

30/100

CVSSv3

NA/10

EPSS

0.00085/1

CVE-2024-45416 is a local file inclusion vulnerability affecting ZTE routers that could lead to remote code execution. The HTTPD binary's session_init function improperly handles session files, allowing an attacker to execute arbitrary code with root privileges. Specifically, the function iterates through files in the /var/lua_session directory and executes them without validation, meaning an attacker who can write a malicious file to that directory can gain RCE. The CVSS score is 0, but the SOCRadar Vulnerability Risk Score (SVRS) is 30, indicating a low to medium risk. While not immediately critical, this vulnerability should be monitored, as successful exploitation grants root access to the affected device. This could allow attackers to compromise the router and potentially gain access to the network it protects, leading to data breaches or other malicious activities. Organizations using ZTE routers should investigate this vulnerability and implement appropriate mitigation strategies.

TAGS

No tags available

VECTOR STRING

PUBLICATION DATE2024-09-16

LAST MODIFIED2024-09-20

SOCRadar

AI Insight

Description:

CVE-2024-45416 is a local file inclusion vulnerability in the HTTPD binary of multiple ZTE routers. An attacker can exploit this vulnerability to execute arbitrary code as root by writing a malicious file to the /var/lua_session directory.

Key Insights:

The vulnerability has a CVSS score of 0, indicating that it is not considered a critical vulnerability. However, the SOCRadar Vulnerability Risk Score (SVRS) of 42 indicates that it is still a significant risk that requires attention.
The vulnerability is actively exploited by hackers, as evidenced by the fact that it is "In the Wild."
The Cybersecurity and Infrastructure Security Agency (CISA) has warned of the vulnerability, calling for immediate and necessary measures.

Mitigation Strategies:

Update the affected routers to the latest firmware version.
Restrict access to the /var/lua_session directory.
Implement a web application firewall (WAF) to block malicious requests.
Monitor the routers for suspicious activity.

Additional Information:

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence

Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.

CREATE FREE ACCOUNT

CVE Details

Access comprehensive CVE information instantly

Real-time Tracking

Subscribe to CVEs and get instant updates

Exploit Analysis

Monitor related APT groups and threats

IOC Tracking

Analyze and track CVE-related IOCs

News

No news found for this CVE

Social Media

CRAC Learning - Tech

@cracbot

2024-09-20

CVE-2024-45416 (CVSS:8.1, HIGH) is Received. The HTTPD binary in multiple ZTE routers has a local file inclusion vulnerability in session_init function. The session ..https://t.co/hFVPF5fQNC #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

Vulmon Vulnerability Feed

@VulmonFeeds

2024-09-16

CVE-2024-45416 Remote Code Execution in ZTE Routers via Local File Inclusion The HTTPD binary in several ZTE routers has a local file inclusion vulnerability in the session_init function. The session -LUA- files ... https://t.co/6hpaCyybQR

CVE

@CVEnew

2024-09-16

CVE-2024-45416 The HTTPD binary in multiple ZTE routers has a local file inclusion vulnerability in session_init function. The session -LUA- files are stored in the directory /var/l… https://t.co/btQKyLAr4N

Affected Software

No affected software found for this CVE

References

Reference	Link
[email protected]	https://wr3nchsr.github.io/zte-multiple-routers-httpd-vulnerabilities-advisory/

CWE Details

CWE ID	CWE Name	Description
CWE-829	Inclusion of Functionality from Untrusted Control Sphere	The software imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence