CVE-2024-46506

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-46506

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-46506.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-46506

Published

2025-05-13T16:15:23Z

Modified

2025-07-29T11:14:46.480586Z

Summary

[none]

Details

NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as exploited in the wild in May 2025. This is related to settings.php and util.php.

References

https://rhinosecuritylabs.com/research/cve-2024-46506-rce-in-netalertx/

Affected packages

Git / github.com/jokob-sk/netalertx

Affected ranges

Type: GIT
Repo: https://github.com/jokob-sk/netalertx
Events: Introduced

3c13f82d61cd7599f84e750f364c9872ac579316

Fixed

d36486ef6de3985dac19195cf333e4de31601bcb

Affected versions

23.*

23.01.14

23.01.22-HF01

v23.*

v23.01.22

v23.01.22-HF02

v23.02.02

v23.03.11

v23.04.01

v23.10.2

v23.11.11

v23.12.16

v23.5.7

v23.6.16

v23.7.22

v23.9.10

v23.9.11

v23.9.12

v24.*

v24.01.18

v24.2.16

v24.2.17

v24.3.19

v24.4.17

v24.5.9

v24.6.8

v24.7.18

v24.9.12

v24.9.26