CVE-2024-33118

7.5 HIGH

📋 TL;DR

LuckyFrameWeb v3.5.2 contains an arbitrary file read vulnerability in the fileDownload method of CommonController. This allows attackers to read sensitive files from the server filesystem without authentication. All deployments of LuckyFrameWeb v3.5.2 are affected.

💻 Affected Systems

Products:
  • LuckyFrameWeb
Versions: v3.5.2
Operating Systems: All platforms running LuckyFrameWeb
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of LuckyFrameWeb v3.5.2 are vulnerable. No special configuration required.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Reading configuration files, database credentials or private keys from the server filesystem, which an attacker then uses for lateral movement and data exfiltration. The vulnerability itself only reads files; the server compromise comes from what those files contain.

🟠 Likely Case

Unauthorized access to sensitive application files, configuration data, and potentially user information stored on the filesystem.

🟢 If Mitigated

Limited to reading non-critical files if proper file permissions and access controls are implemented.

🌐 Internet-Facing: HIGH - Directly exploitable without authentication through the web interface.
🏢 Internal Only: HIGH - Anyone with network reach to the interface can read the same files; credentials recovered this way are a common pivot to other internal systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple HTTP request manipulation required. No authentication needed. Public exploit details available in GitHub references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: Not applicable (no official fix). Applying the source-level workaround below means rebuilding and redeploying the application.

Instructions:

No official patch is listed. Upgrade if the vendor publishes a fixed release; until then, apply the workarounds below.

🔧 Temporary Workarounds

Input Validation and Path Sanitization (applies to: all platforms)

Add input validation to the fileDownload method so that the requested name cannot traverse out of the intended download directory.

Modify CommonController.java to reject names containing path separators or "..", then canonicalise the resolved path and confirm it still lies inside the allowed directory before opening the file. Checking the canonical path, not just the string, is what catches encoded and symlink variants.
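Added example (not LuckyFrameWeb's own code): a standalone Java 11+ sketch of the check the workaround above describes. `resolveUnsafe` shows the vulnerable pattern of joining a caller-controlled name onto the download directory; `resolveSafe` is the hardened form, with a syntactic allow-list followed by containment checks on the normalised and the real path. The method names, the temporary directory and the sample file are this example's own assumptions; the actual download directory and HTTP response handling in CommonController will differ.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.NoSuchFileException;
import java.nio.file.Path;

public class SafeFileDownload {

    /** The vulnerable pattern: the caller-controlled name is joined to the download
     *  directory as-is, so "../../../../etc/passwd" resolves outside it. */
    static Path resolveUnsafe(Path downloadDir, String fileName) {
        return downloadDir.resolve(fileName);
    }

    /** Hardened resolution: a download name must be a bare file name, and the
     *  canonical path must still sit inside the download directory. */
    static Path resolveSafe(Path downloadDir, String fileName) throws IOException {
        if (fileName == null || fileName.isEmpty()) {
            throw new IllegalArgumentException("missing file name");
        }
        // 1. Syntactic allow-list: no directory separators, parent references or NULs.
        //    (Deliberately strict: a legitimate name containing ".." is also refused.)
        if (fileName.contains("/") || fileName.contains("\\")
                || fileName.contains("..") || fileName.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("illegal file name: " + fileName);
        }
        // 2. Containment on the normalised path (catches anything step 1 missed).
        Path base = downloadDir.toRealPath();
        Path target = base.resolve(fileName).normalize();
        if (!target.startsWith(base)) {
            throw new SecurityException("path escapes download directory: " + fileName);
        }
        if (!Files.isRegularFile(target)) {
            throw new NoSuchFileException(fileName);
        }
        // 3. Containment on the real path, so a symlink inside the directory that
        //    points at /etc/passwd is refused as well.
        Path real = target.toRealPath();
        if (!real.startsWith(base)) {
            throw new SecurityException("symlink escapes download directory: " + fileName);
        }
        return real;
    }

    public static void main(String[] args) throws IOException {
        // Assumed layout for the demo: a fresh temp directory with one legitimate file.
        Path dir = Files.createTempDirectory("downloads");
        Files.writeString(dir.resolve("report.txt"), "constructed sample content");

        System.out.println("unsafe resolves to: "
                + resolveUnsafe(dir, "../../../../etc/passwd").normalize());
        System.out.println("safe  resolves to: " + resolveSafe(dir, "report.txt"));

        String[] payloads = {"../../../../etc/passwd", "..\\..\\windows\\win.ini",
                             "sub/../report.txt", "report.txt\0.pdf"};
        for (String p : payloads) {
            try {
                resolveSafe(dir, p);
                System.out.println("ACCEPTED (bug!): " + p);
            } catch (IllegalArgumentException | SecurityException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

Compile and run with `javac SafeFileDownload.java && java SafeFileDownload`. The three-stage order matters: the string check gives a cheap, clear rejection; the normalised-path check is the real security boundary; the real-path check closes the symlink case that the first two cannot see.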

Web Application Firewall Rules (applies to: all platforms)

Implement WAF rules to block directory traversal patterns in requests to the download endpoint.

Add a WAF rule that denies requests whose URL-decoded parameters contain "../" or "..\". Match after decoding, so that "%2e%2e%2f", "..%2f" and double-encoded forms such as "%252e%252e%252f" are caught as well; a rule that only looks for the literal "../" is trivially bypassed. Treat this as a stopgap until the code is fixed.

🧯 If You Can't Patch

  • Restrict network access to LuckyFrameWeb interface to trusted IPs only
  • Implement strict file system permissions to limit what the application user can read

🔍 How to Verify

Check if Vulnerable:

Test, on a system you are authorised to test, by requesting /common/fileDownload?fileName=../../../../etc/passwd (the route and parameter name as given for this CVE; confirm them against the CommonController mapping in your deployment) and checking whether the file contents come back. Repeat with percent-encoded forms such as %2e%2e%2f, since a filter that only strips the literal "../" may still be bypassable.

Check Version:

Check application version in web interface or configuration files

Verify Fix Applied:

Attempt the same traversal request after applying the fix, including the encoded variants. It should be rejected with an error response and must never return file contents; an empty 200 response is not by itself proof that the check is in place.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to /common/fileDownload with '../' patterns
  • Unusual file access patterns from web application user

Network Indicators:

  • HTTP GET requests with directory traversal sequences in parameters

SIEM Query:

source="web_server" AND uri="/common/fileDownload" AND (uri="*../*" OR params="*../*")

This query matches only the literal "../". Extend it to cover "%2e%2e", "..%2f", "..\" and double-encoded forms, or normalise (URL-decode) the URI field at ingest and match on the decoded value.
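Added example, not from the page's source or the vendor: a small Java 11+ scanner over constructed access-log lines that shows why matching the literal "../" is not enough. It percent-decodes each query parameter value repeatedly (bounded) so that double-encoded payloads reduce to "../" before a ".." segment is looked for. The endpoint path is the one named on this page and the log lines are invented; both are assumptions.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class TraversalLogScan {
    // Request target out of a combined-format access log line.
    private static final Pattern REQUEST = Pattern.compile("\"(?:GET|POST|HEAD) (\\S+) HTTP/");
    // A ".." segment bounded by "/" or "\" (or by string start/end), checked AFTER decoding.
    private static final Pattern DOTDOT = Pattern.compile("(^|[/\\\\])\\.\\.([/\\\\]|$)");
    // Endpoint as named on this page; confirm against the deployed CommonController mapping.
    private static final String ENDPOINT = "/common/fileDownload";

    /** Percent-decode until the value stops changing (bounded), so %2e%2e%2f and the
     *  double-encoded %252e%252e%252f both reduce to "../" before matching. */
    static String fullyDecode(String s) {
        String cur = s;
        for (int i = 0; i < 3; i++) {
            String next;
            try {
                next = URLDecoder.decode(cur, StandardCharsets.UTF_8);
            } catch (IllegalArgumentException e) {
                break; // malformed %-escape: stop and match what we have
            }
            if (next.equals(cur)) break;
            cur = next;
        }
        return cur;
    }

    /** True if the request target hits the download endpoint with a traversal payload
     *  in any query parameter value. */
    static boolean isTraversalHit(String target) {
        int q = target.indexOf('?');
        String path = q < 0 ? target : target.substring(0, q);
        if (!fullyDecode(path).contains(ENDPOINT)) return false;
        if (q < 0) return false;
        for (String pair : target.substring(q + 1).split("&")) {
            int eq = pair.indexOf('=');
            String value = eq < 0 ? pair : pair.substring(eq + 1);
            if (DOTDOT.matcher(fullyDecode(value)).find()) return true;
        }
        return false;
    }

    /** Returns the log lines that should raise an alert. */
    static List<String> scan(List<String> lines) {
        List<String> hits = new ArrayList<>();
        for (String line : lines) {
            Matcher m = REQUEST.matcher(line);
            if (m.find() && isTraversalHit(m.group(1))) hits.add(line);
        }
        return hits;
    }

    public static void main(String[] args) {
        // Constructed sample lines (not real traffic); addresses are RFC 5737 test ranges.
        List<String> sample = List.of(
            "192.0.2.10 - - [12/May/2024:10:01:02 +0000] \"GET /common/fileDownload?fileName=report.txt&delete=false HTTP/1.1\" 200 512",
            "192.0.2.11 - - [12/May/2024:10:01:05 +0000] \"GET /common/fileDownload?fileName=../../../../etc/passwd&delete=false HTTP/1.1\" 200 2048",
            "192.0.2.12 - - [12/May/2024:10:01:09 +0000] \"GET /common/fileDownload?fileName=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1\" 200 2048",
            "192.0.2.13 - - [12/May/2024:10:01:12 +0000] \"GET /common/fileDownload?fileName=%252e%252e%252fapplication.yml HTTP/1.1\" 200 900",
            "192.0.2.14 - - [12/May/2024:10:01:15 +0000] \"GET /login HTTP/1.1\" 200 1200");
        // Expected: the second, third and fourth lines are flagged; the first and last are not.
        for (String hit : scan(sample)) System.out.println("ALERT " + hit);
    }
}
```

The decode loop is capped at three rounds on purpose: it is enough for the encodings seen in practice and stops a pathological value from costing unbounded work per log line. Overlong UTF-8 encodings of "." are not normalised by URLDecoder and would still need a separate rule.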

🔗 References