CVE-2024-39937

8.6 HIGH

📋 TL;DR

This vulnerability in supOS 5.0 allows attackers to perform directory traversal via the api/image/download endpoint, enabling unauthorized reading of files outside the intended directory. It affects all systems running supOS 5.0 with the vulnerable API endpoint exposed. Attackers can exploit this without authentication to access sensitive system files.

💻 Affected Systems

Products:
  • supOS
Versions: 5.0
Operating Systems: Not OS-specific
Default Config Vulnerable: ⚠️ Yes
Notes: Affects supOS 5.0 installations with the api/image/download endpoint accessible.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through reading of configuration files, credentials, or sensitive data, potentially leading to lateral movement and full control of affected systems.

🟠 Likely Case

Unauthorized access to sensitive files including configuration files, logs, and potentially credentials stored in accessible directories.

🟢 If Mitigated

Limited impact if proper network segmentation and access controls prevent external access to the vulnerable endpoint.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only HTTP requests with directory traversal sequences in the fileName parameter.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched version

Vendor Advisory: https://cloud.supos.com/announcement/detail?id=1985637965817671680

Restart Required: Yes

Instructions:

1. Check vendor advisory for latest patched version
2. Apply vendor-provided patch or update
3. Restart supOS services
4. Verify the fix by testing the vulnerable endpoint

🔧 Temporary Workarounds

Web Application Firewall Rule (scope: all)

Goal: Block directory traversal sequences in the fileName parameter
Rule: WAF rule to block requests containing '../' in the fileName parameter

Network Access Control (scope: all)

Goal: Restrict access to the vulnerable endpoint
Rule: Firewall rule to limit access to /api/image/download to trusted IPs only

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate supOS from untrusted networks
  • Deploy a web application firewall with rules to detect and block directory traversal attempts

🔍 How to Verify

Check if Vulnerable:

Test by sending a request to /api/image/download?fileName=../etc/passwd (or similar traversal) and checking if it returns unauthorized file contents

Check Version:

Check supOS version through admin interface or system configuration

Verify Fix Applied:

Attempt the same directory traversal request after patching; it should return an error or empty response instead of file contents

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to /api/image/download with '../' sequences in parameters
  • Unusual file access patterns from the supOS application

Network Indicators:

  • HTTP requests containing directory traversal sequences to the supOS API endpoint

SIEM Query:

source="web_logs" AND uri_path="/api/image/download" AND (query_string="*../*" OR user_agent="*scanner*")
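The log indicators and SIEM query above match the literal string '../'. As an added example (not code from this page or from the supOS project), the script below scans constructed access-log lines for traversal in the fileName parameter of /api/image/download, percent-decoding the value repeatedly so that single- and double-encoded variants such as ..%2F and %252e%252e are caught as well, and records whether the server answered 200 (the file was likely served) or not.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines in Combined Log Format; these are not real supOS logs.
SAMPLE_LOGS = [
    '10.0.0.5 - - [01/Jul/2024:10:00:01 +0000] "GET /api/image/download?fileName=logo.png HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Jul/2024:10:00:02 +0000] "GET /api/image/download?fileName=../../etc/passwd HTTP/1.1" 200 1834 "-" "curl/8.0"',
    '203.0.113.7 - - [01/Jul/2024:10:00:03 +0000] "GET /api/image/download?fileName=..%2F..%2Fetc%2Fshadow HTTP/1.1" 403 0 "-" "curl/8.0"',
    '198.51.100.2 - - [01/Jul/2024:10:00:04 +0000] "GET /api/other?fileName=../x HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Jul/2024:10:00:05 +0000] "GET /api/image/download?fileName=%252e%252e/%252e%252e/etc/passwd HTTP/1.1" 200 1834 "-" "python-requests/2.31"',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "[^"]*" "(?P<ua>[^"]*)"$'
)
# A ".." path segment bounded by a separator or the start/end of the value.
TRAVERSAL = re.compile(r'(^|/)\.\.(/|$)')
VULN_PATH = '/api/image/download'


def normalize(value: str, rounds: int = 3) -> str:
    """Percent-decode until stable (bounded) and unify separators, so ..%2F and %252e%252e reduce to '../'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace('\\', '/')


def check_line(line: str):
    """Return a finding dict for a traversal attempt against the vulnerable endpoint, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m['target'])
    if parts.path != VULN_PATH:
        return None
    for raw in parse_qs(parts.query, keep_blank_values=True).get('fileName', []):
        name = normalize(raw)
        if TRAVERSAL.search(name):
            return {'ip': m['ip'], 'time': m['ts'], 'fileName': name,
                    'status': int(m['status']), 'served': m['status'] == '200'}
    return None


def scan(lines):
    """Scan an iterable of log lines and return all findings in order."""
    return [hit for hit in map(check_line, lines) if hit]


if __name__ == '__main__':
    for hit in scan(SAMPLE_LOGS):
        print(hit)
```

Findings with served=True deserve incident handling rather than just a block, since the response size suggests file contents left the server.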
