CVE-2024-51114
📋 TL;DR
This vulnerability allows remote attackers to execute arbitrary code on affected Digital China Yunke systems via a specific PHP file. It affects Beijing Digital China Yunke Information Technology Co.Ltd version 7.2.6.120. Organizations using this specific version are at risk of complete system compromise.
💻 Affected Systems
- Beijing Digital China Yunke Information Technology Co.Ltd
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with attacker gaining complete control over the affected system, enabling data theft, lateral movement, and persistent access.
Likely Case
Remote code execution leading to web shell deployment, data exfiltration, and potential ransomware deployment.
If Mitigated
Limited impact with proper network segmentation and web application firewalls blocking malicious requests.
🎯 Exploit Status
The CWE-77 classification (Improper Neutralization of Special Elements used in a Command) indicates command injection. Exploitation requires understanding of the vulnerable parameter and payload delivery.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 7.2.6.120 (check vendor for specific fixed version)
Vendor Advisory: Not provided in references
Restart Required: No
Instructions:
1. Contact Digital China Yunke for the official patch.
2. Apply the patch to all affected systems.
3. Remove or restrict access to the vulnerable customizable.php file if patching is delayed.
🔧 Temporary Workarounds
File Access Restriction
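Block or restrict access to the vulnerable PHP file to prevent exploitation
# Apache (server or virtual-host context, mod_rewrite enabled; in .htaccess drop the leading slash from the pattern):
RewriteEngine On
RewriteRule ^/code/function/dpi/web_auth/customizable\.php$ - [F,L]
# Nginx (inside the server block):
location ~ /code/function/dpi/web_auth/customizable\.php$ { deny all; }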
🧯 If You Can't Patch
- Implement strict network segmentation to isolate affected systems from critical assets
- Deploy a web application firewall (WAF) with rules to block command injection patterns targeting the vulnerable endpoint
🔍 How to Verify
Check if Vulnerable:
Check if the file /code/function/dpi/web_auth/customizable.php exists and system version is 7.2.6.120
Check Version:
Check software documentation or admin interface for version information
Verify Fix Applied:
Verify the vulnerable file has been removed/patched and system version is updated beyond 7.2.6.120
📡 Detection & Monitoring
Log Indicators:
- Unusual POST/GET requests to /code/function/dpi/web_auth/customizable.php
- System command execution from the web server process
- Web shell file creation in web directories
Network Indicators:
- HTTP requests containing command injection patterns (|, ;, $, etc.) to the vulnerable endpoint
- Outbound connections from web server to unknown IPs
SIEM Query:
source="web_logs" AND (url="/code/function/dpi/web_auth/customizable.php" OR cmd="*customizable.php*")
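The log and network indicators above can be checked offline against web server access logs. The script below is an added example, not part of the original advisory or any vendor tooling: it assumes Apache/Nginx combined log format, and the sample lines and the parameter name "param" are constructed placeholders, since the advisory does not name the vulnerable parameter.

```python
import re
from urllib.parse import unquote, unquote_plus

# Endpoint path taken from the advisory above.
ENDPOINT = "/code/function/dpi/web_auth/customizable.php"
# Metacharacters named in the network indicators (|, ;, $), plus backtick,
# & and line breaks, which can also chain or substitute shell commands.
META = re.compile(r"[|;$`&\r\n]")
# Apache/Nginx combined log format: ip ... "METHOD URI PROTO" status ...
LINE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})')

def classify(line):
    """Return None (not the endpoint), 'access' or 'injection'."""
    m = LINE.match(line)
    if not m:
        return None
    path, _, query = m["uri"].partition("?")
    # Normalise percent-encoding, duplicate slashes and case before comparing.
    if re.sub(r"/+", "/", unquote(path)).lower() != ENDPOINT:
        return None
    # Split on the literal & first so ordinary parameter separators are not
    # flagged, then decode twice to catch double-encoded metacharacters.
    for pair in query.split("&"):
        if META.search(unquote_plus(unquote_plus(pair))):
            return "injection"
    return "access"

def scan(lines):
    """Return (ip, method, status, verdict) for every hit on the endpoint."""
    hits = []
    for line in lines:
        verdict = classify(line)
        if verdict:
            m = LINE.match(line)
            hits.append((m["ip"], m["method"], m["status"], verdict))
    return hits

# Constructed sample log lines; "param" is a placeholder parameter name.
SAMPLE = [
    '198.51.100.4 - - [01/Jan/2025:10:00:00 +0000] "GET /index.php?a=1&b=2 HTTP/1.1" 200 512',
    '198.51.100.4 - - [01/Jan/2025:10:00:05 +0000] "POST /code/function/dpi/web_auth/customizable.php HTTP/1.1" 200 87',
    '203.0.113.7 - - [01/Jan/2025:10:01:00 +0000] "GET /code//function/dpi/web_auth/Customizable.php?param=1%3Bcmd HTTP/1.1" 200 40',
    '203.0.113.7 - - [01/Jan/2025:10:01:09 +0000] "GET /code/function/dpi/web_auth/customizable.php?param=a%257Ccmd&t=1 HTTP/1.1" 500 0',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(*hit)
```

Access logs do not record POST bodies, so a bare POST to the endpoint is reported as "access" and still needs review against request-body or WAF logs.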