CVE-2024-50960 – A command injection vulnerability in the Nmap d... (How to Fix)

Q: How do I fix CVE-2024-50960?

1. Download latest firmware from Extron website. 2. Log into admin web console. 3. Navigate to System > Update. 4. Upload firmware file. 5. Apply update and restart device.

Q: What is the severity of CVE-2024-50960?

CVE-2024-50960 has a CVSS score of 7.2 (HIGH). A command injection vulnerability in the Nmap diagnostic tool within Extron SMP/SME admin web consoles allows authenticated attackers to execute arbitrary commands as root. This affects Extron SMP 111, SMP 351, SMP 352, and SME 211 devices running vulnerable firmware versions. Attackers can gain complete control of affected devices.

📋 TL;DR

A command injection vulnerability in the Nmap diagnostic tool within Extron SMP/SME admin web consoles allows authenticated attackers to execute arbitrary commands as root. This affects Extron SMP 111, SMP 351, SMP 352, and SME 211 devices running vulnerable firmware versions. Attackers can gain complete control of affected devices.

💻 Affected Systems

Products:

Extron SMP 111
Extron SMP 351
Extron SMP 352
Extron SME 211

Versions: SMP 111 <= 3.01, SMP 351 <= 2.16, SMP 352 <= 2.16, SME 211 <= 3.02

Operating Systems: Embedded Linux

Default Config Vulnerable: ⚠️ Yes

Notes: Requires authenticated access to admin web console. Nmap diagnostic feature must be accessible.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise allowing attackers to install persistent backdoors, pivot to internal networks, exfiltrate sensitive data, or disrupt critical AV operations.

🟠

Likely Case

Attackers gain root shell access to manipulate device configurations, install cryptocurrency miners, or use devices as network pivots for lateral movement.

🟢

If Mitigated

Limited to authenticated users only, but still provides root access if credentials are compromised or insider threat exists.

🌐 Internet-Facing: HIGH if admin interface exposed to internet, as authenticated attackers can gain root access remotely.

🏢 Internal Only: HIGH as authenticated internal users or compromised credentials still allow root command execution.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: CONFIRMED

Unauthenticated Exploit: ✅ No

Complexity: LOW

Public exploit code available. Requires valid admin credentials. Simple command injection via Nmap parameters.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Extron website for latest firmware updates

Vendor Advisory: https://www.extron.com/article/smp

Restart Required: Yes

Instructions:

1. Download latest firmware from Extron website. 2. Log into admin web console. 3. Navigate to System > Update. 4. Upload firmware file. 5. Apply update and restart device.

🔧 Temporary Workarounds

Disable Nmap Diagnostic Tool

linux

Remove or restrict access to the vulnerable Nmap diagnostic feature

# Requires modifying web interface configuration files
# Exact commands depend on device model and firmware

Network Segmentation

all

Isolate Extron devices on separate VLAN with strict firewall rules

🧯 If You Can't Patch

Implement strict network segmentation to isolate Extron devices from critical networks
Enforce strong authentication policies and monitor for credential compromise
Disable admin web console access from untrusted networks
Implement application firewall rules to block suspicious Nmap parameter patterns

🔍 How to Verify

Check if Vulnerable:

Check firmware version in admin web console under System > Information. Compare against affected versions.

Check Version:

# Log into admin web interface and navigate to System > Information page

Verify Fix Applied:

Verify firmware version is above vulnerable versions. Test Nmap diagnostic tool with safe parameters to confirm sanitization.

📡 Detection & Monitoring

Log Indicators:

Unusual Nmap diagnostic tool usage with suspicious parameters
Multiple failed authentication attempts followed by Nmap usage
Commands with shell metacharacters in web logs

Network Indicators:

Unexpected outbound connections from Extron devices
Traffic patterns suggesting command-and-control communication
Port scans originating from Extron devices

SIEM Query:

source="extron-web-logs" AND (uri="*/nmap*" AND (param="*;*" OR param="*|*" OR param="*`*" OR param="*$(*"))

📊 Metadata

CVE ID: CVE-2024-50960

CVSS v3 Score: 7.2 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-94

EPSS Score: 4.28% exploit probability (88.6th percentile)

Published: April 15, 2025

Last Updated: April 25, 2025

🔗 References

https://github.com/layer8secure/extron-smp-inject/ Exploit,Third Party Advisory
https://ryanmroth.com/articles/exploiting-extron-smp-command-injection Exploit,Third Party Advisory
https://www.extron.com/article/smp Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-50960, you might also want to check these: