CVE-2024-51114: n/a
CVE-2024-51114 is a high-severity remote code execution vulnerability affecting Beijing Digital China Yunke Information Technology Co. Ltd version 7. 2. 6. 120. The flaw exists in the customizable. php file located at code/function/dpi/web_auth/, allowing an attacker with low privileges to execute arbitrary code remotely without user interaction. The vulnerability is linked to CWE-77, indicating command injection issues. Although no known exploits are currently reported in the wild, the CVSS score of 8. 8 reflects significant risk due to its impact on confidentiality, integrity, and availability.
AI Analysis
Technical Summary
CVE-2024-51114 is a critical vulnerability identified in Beijing Digital China Yunke Information Technology Co.Ltd's software version 7.2.6.120. The vulnerability resides in the customizable.php script within the code/function/dpi/web_auth/ directory. It allows remote attackers to execute arbitrary code on the affected system by exploiting improper input validation leading to command injection (CWE-77). The attack vector is network-based (AV:N), requiring low attack complexity (AC:L) and low privileges (PR:L), but no user interaction (UI:N) is needed. The vulnerability impacts confidentiality, integrity, and availability (C:H/I:H/A:H), making it highly dangerous. Although no public exploits have been reported yet, the nature of the vulnerability suggests that exploitation could lead to full system compromise. The lack of available patches increases the urgency for organizations to implement interim protective measures. The vulnerability is particularly concerning for environments where this software is used for web authentication and DPI (Deep Packet Inspection) functions, as compromise could undermine network security controls.
Potential Impact
The vulnerability allows remote attackers to execute arbitrary code, potentially leading to full system compromise. This can result in unauthorized access to sensitive data, disruption of services, and manipulation or destruction of critical information. Given the software's role in web authentication and DPI, exploitation could also enable attackers to bypass security controls, intercept or alter network traffic, and escalate privileges within the network. Organizations relying on this product for network security or authentication may face significant operational and reputational damage. The high CVSS score reflects the broad impact on confidentiality, integrity, and availability. Without patches, the risk of exploitation remains elevated, especially in environments with exposed network access to the vulnerable component.
Mitigation Recommendations
1. Immediately restrict network access to the vulnerable customizable.php endpoint by implementing firewall rules or network segmentation to limit exposure. 2. Monitor logs and network traffic for unusual activity targeting the code/function/dpi/web_auth/customizable.php path or signs of command injection attempts. 3. Employ Web Application Firewalls (WAFs) with custom rules to detect and block injection payloads targeting this vulnerability. 4. Enforce the principle of least privilege for accounts interacting with the vulnerable system to reduce the impact of potential exploitation. 5. Engage with the vendor for timely patches or updates and apply them as soon as they become available. 6. Conduct thorough security assessments and penetration testing focusing on this vulnerability to identify and remediate potential exploitation paths. 7. Educate system administrators and security teams about the vulnerability specifics to enhance detection and response capabilities.
Affected Countries
China, India, Russia, United States, South Korea, Japan, Singapore, Malaysia, Vietnam, Indonesia
CVE-2024-51114: n/a
Description
CVE-2024-51114 is a high-severity remote code execution vulnerability affecting Beijing Digital China Yunke Information Technology Co. Ltd version 7. 2. 6. 120. The flaw exists in the customizable. php file located at code/function/dpi/web_auth/, allowing an attacker with low privileges to execute arbitrary code remotely without user interaction. The vulnerability is linked to CWE-77, indicating command injection issues. Although no known exploits are currently reported in the wild, the CVSS score of 8. 8 reflects significant risk due to its impact on confidentiality, integrity, and availability.
AI-Powered Analysis
Technical Analysis
CVE-2024-51114 is a critical vulnerability identified in Beijing Digital China Yunke Information Technology Co.Ltd's software version 7.2.6.120. The vulnerability resides in the customizable.php script within the code/function/dpi/web_auth/ directory. It allows remote attackers to execute arbitrary code on the affected system by exploiting improper input validation leading to command injection (CWE-77). The attack vector is network-based (AV:N), requiring low attack complexity (AC:L) and low privileges (PR:L), but no user interaction (UI:N) is needed. The vulnerability impacts confidentiality, integrity, and availability (C:H/I:H/A:H), making it highly dangerous. Although no public exploits have been reported yet, the nature of the vulnerability suggests that exploitation could lead to full system compromise. The lack of available patches increases the urgency for organizations to implement interim protective measures. The vulnerability is particularly concerning for environments where this software is used for web authentication and DPI (Deep Packet Inspection) functions, as compromise could undermine network security controls.
Potential Impact
The vulnerability allows remote attackers to execute arbitrary code, potentially leading to full system compromise. This can result in unauthorized access to sensitive data, disruption of services, and manipulation or destruction of critical information. Given the software's role in web authentication and DPI, exploitation could also enable attackers to bypass security controls, intercept or alter network traffic, and escalate privileges within the network. Organizations relying on this product for network security or authentication may face significant operational and reputational damage. The high CVSS score reflects the broad impact on confidentiality, integrity, and availability. Without patches, the risk of exploitation remains elevated, especially in environments with exposed network access to the vulnerable component.
Mitigation Recommendations
1. Immediately restrict network access to the vulnerable customizable.php endpoint by implementing firewall rules or network segmentation to limit exposure. 2. Monitor logs and network traffic for unusual activity targeting the code/function/dpi/web_auth/customizable.php path or signs of command injection attempts. 3. Employ Web Application Firewalls (WAFs) with custom rules to detect and block injection payloads targeting this vulnerability. 4. Enforce the principle of least privilege for accounts interacting with the vulnerable system to reduce the impact of potential exploitation. 5. Engage with the vendor for timely patches or updates and apply them as soon as they become available. 6. Conduct thorough security assessments and penetration testing focusing on this vulnerability to identify and remediate potential exploitation paths. 7. Educate system administrators and security teams about the vulnerability specifics to enhance detection and response capabilities.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mitre
- Date Reserved
- 2024-10-28T00:00:00.000Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 699f6baab7ef31ef0b557a5f
Added to database: 2/25/2026, 9:37:46 PM
Last enriched: 2/26/2026, 1:22:35 AM
Last updated: 2/26/2026, 7:59:49 AM
Views: 1
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2026-25191: Uncontrolled Search Path Element in Digital Arts Inc. FinalCode Ver.5 series
HighCVE-2026-23703: Incorrect default permissions in Digital Arts Inc. FinalCode Ver.5 series
HighCVE-2026-1311: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in bearsthemes Worry Proof Backup
HighCVE-2026-2506: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in motahar1 EM Cost Calculator
MediumCVE-2026-2499: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in tgrk Custom Logo
MediumActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.