CVE-2024-39178
📋 TL;DR
MyPower vc8100 V100R001C00B030 contains an arbitrary file read vulnerability in the /tcpdump/tcpdump.php component via the menu_uuid parameter. This allows attackers to read sensitive files from the system without authentication. Organizations using this specific version of MyPower vc8100 are affected.
💻 Affected Systems
- MyPower vc8100
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could read sensitive configuration files, credentials, or system files leading to complete system compromise and lateral movement.
Likely Case
Unauthenticated attackers reading configuration files, logs, or other sensitive data to gather information for further attacks.
If Mitigated
Limited to reading non-critical files if proper file permissions and network segmentation are implemented.
🎯 Exploit Status
Exploitation requires simple HTTP requests; public GitHub repository contains proof-of-concept.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None known
Restart Required: No
Instructions:
No official patch available. Check vendor website for updates or contact Maipu support.
🔧 Temporary Workarounds
Block Vulnerable Endpoint
Restrict access to /tcpdump/tcpdump.php via web server configuration or firewall rules.
# Apache: RewriteRule ^/tcpdump/tcpdump\.php - [F,L]
# Nginx: location ~ /tcpdump/tcpdump\.php { deny all; }
Network Segmentation
Isolate MyPower devices from untrusted networks and limit access to management interfaces.
🧯 If You Can't Patch
- Implement strict network access controls to limit who can reach the device's web interface.
- Monitor logs for unusual access patterns to /tcpdump/tcpdump.php and implement file integrity monitoring.
🔍 How to Verify
Check if Vulnerable:
Attempt to access http://[device_ip]/tcpdump/tcpdump.php?menu_uuid=../../etc/passwd and check if system files are returned.
Check Version:
Check web interface or CLI for firmware version; should show V100R001C00B030 if vulnerable.
Verify Fix Applied:
Verify the endpoint returns an error or is inaccessible after applying workarounds.
📡 Detection & Monitoring
Log Indicators:
- HTTP requests to /tcpdump/tcpdump.php with directory traversal patterns in parameters
- Unusual file access patterns in system logs
Network Indicators:
- HTTP GET requests containing ../ sequences in query parameters
SIEM Query:
source="web_logs" AND uri_path="/tcpdump/tcpdump.php" AND query_string="*../*"
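The log indicators above, as an added example (not part of the original advisory or any vendor tooling): a Python scan of web access logs for requests to /tcpdump/tcpdump.php whose menu_uuid value contains a traversal segment. It goes beyond the literal ../ match in the SIEM query by percent-decoding the value first, so encoded and double-encoded forms are also caught, and it returns the response status so hits answered with 200 can be prioritised. The combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

ENDPOINT = "/tcpdump/tcpdump.php"   # path named in the advisory
PARAM = "menu_uuid"                 # parameter named in the advisory

# Assumed combined log format: ip - - [ts] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if the decoded value contains a '..' path segment."""
    v = fully_decode(value).replace("\\", "/")
    return ".." in v.split("/")

def scan(lines):
    """Return (client_ip, timestamp, status, decoded_value) per suspicious hit."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, ts, _method, target, status = m.groups()
        url = urlsplit(target)
        if fully_decode(url.path).lower() != ENDPOINT:
            continue
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key == PARAM and is_traversal(value):
                hits.append((ip, ts, int(status), fully_decode(value)))
    return hits

# Constructed sample access-log lines (not taken from a real device)
SAMPLE = [
    '192.0.2.10 - - [12/Jul/2024:10:01:02 +0000] "GET /tcpdump/tcpdump.php?menu_uuid=../../etc/passwd HTTP/1.1" 200 1432',
    '192.0.2.10 - - [12/Jul/2024:10:01:09 +0000] "GET /tcpdump/tcpdump.php?menu_uuid=%252e%252e%252fetc%252fpasswd HTTP/1.1" 403 162',
    '198.51.100.7 - - [12/Jul/2024:10:02:00 +0000] "GET /tcpdump/tcpdump.php?menu_uuid=a1b2c3d4 HTTP/1.1" 200 512',
    '198.51.100.7 - - [12/Jul/2024:10:03:00 +0000] "GET /index.php?file=../x HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

A hit with status 200 suggests the device answered the request; after the endpoint block is in place the same requests should show 403 or no longer reach the device at all.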