CVE-2024-52778

9.8 CRITICAL

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on affected DCME devices through the /function/audit/newstatistics/mon_stat_hist.php endpoint of the web interface. It affects multiple DCME series devices running vulnerable firmware versions. Attackers can gain full control of compromised devices without authentication.

💻 Affected Systems

Products:
  • DCME-320
  • DCME-520
  • DCME-320-L
  • DCME-720
Versions: DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, DCME-720 <=9.1.5.11
Operating Systems: Embedded Linux (vendor-specific)
Default Config Vulnerable: ⚠️ Yes
Notes: All devices with web interface enabled are vulnerable. No special configuration required.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to install persistent backdoors, steal sensitive data, pivot to internal networks, or use devices as botnet nodes.

🟠 Likely Case

Attackers deploy cryptocurrency miners, ransomware, or use devices as proxies for further attacks, causing service disruption and data loss.

🟢 If Mitigated

With proper network segmentation and monitoring, impact is limited to an isolated device compromise with minimal lateral movement.

🌐 Internet-Facing: HIGH - Exploit is unauthenticated and affects web interfaces often exposed to internet for management.
🏢 Internal Only: HIGH - Even internally, vulnerable devices can be exploited by attackers who gain initial foothold in network.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit details available in referenced blog post. Simple HTTP request to vulnerable endpoint can trigger RCE.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: Yes

Instructions:

1. Contact the DCME vendor for patching guidance.
2. Check the vendor website for firmware updates.
3. Apply the latest firmware if available.
4. Reboot the device after the update.

🔧 Temporary Workarounds

Block access to the vulnerable endpoint

Use a web server (reverse proxy) or firewall in front of the device to deny requests for /function/audit/newstatistics/mon_stat_hist.php:

# Apache (server or vhost configuration; requires mod_rewrite)
RewriteEngine On
RewriteRule ^/function/audit/newstatistics/mon_stat_hist\.php - [F,L]

# Nginx
location ~ /function/audit/newstatistics/mon_stat_hist\.php { deny all; }

Disable the web interface if it is not needed

Turn off the HTTP/HTTPS services on affected devices:

# Device-specific commands - consult vendor documentation

🧯 If You Can't Patch

  • Isolate affected devices in separate VLAN with strict firewall rules
  • Implement network-based intrusion detection to monitor for exploit attempts

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via web interface or SSH. Compare against affected versions list.

Check Version:

Via web interface: System > About
Via SSH: cat /etc/version

Verify Fix Applied:

Confirm the firmware version is newer than the affected versions listed above, and confirm that /function/audit/newstatistics/mon_stat_hist.php is no longer reachable (for example, the workaround returns 403 or the web interface is disabled).
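The version comparison described above, as an added example that is not part of the advisory: it takes a (hostname, model, version) inventory and flags every device whose firmware is at or below the affected ceiling the advisory lists for its model. Versions are compared numerically per component, so 7.4.9.100 correctly sorts below 7.4.12.90. The inventory entries are constructed; since the advisory does not name a fixed version, "newer than the ceiling" is the only thing this check can assert.

```python
# Added example (not from the advisory): compare a device's reported firmware
# version against the advisory's per-model affected-version ceilings.
# The vendor fix version is unknown, so "not affected" here only means
# "newer than the listed maximum"; confirm with the vendor advisory when it exists.
from typing import Optional, Tuple

# Highest affected firmware version per model, as listed in the advisory.
AFFECTED_MAX = {
    "DCME-320":   "7.4.12.90",
    "DCME-520":   "9.25.5.11",
    "DCME-320-L": "9.3.5.26",
    "DCME-720":   "9.1.5.11",
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Split a dotted version string into a tuple of ints so comparisons are
    numeric (7.4.9.100 < 7.4.12.90) rather than lexicographic."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable firmware version: {version!r}")
    return tuple(int(p) for p in parts)


def is_affected(model: str, version: str) -> Optional[bool]:
    """True if the model/version pair is within the affected range, False if
    it is newer than the listed ceiling, None if the model is not covered by
    the advisory (treat None as 'check with the vendor')."""
    ceiling = AFFECTED_MAX.get(model.strip().upper())
    if ceiling is None:
        return None
    return parse_version(version) <= parse_version(ceiling)


def triage(inventory):
    """Given (hostname, model, version) tuples, e.g. from an asset inventory,
    return the hostnames that still need patching, isolation, or review.
    Unknown models are kept in the list rather than silently cleared."""
    return [host for host, model, ver in inventory if is_affected(model, ver) is not False]


if __name__ == "__main__":
    # Constructed sample inventory for demonstration.
    sample = [
        ("edge-01", "DCME-320", "7.4.12.90"),  # exactly the ceiling -> affected
        ("edge-02", "DCME-320", "7.4.9.100"),  # numerically older -> affected
        ("edge-03", "DCME-520", "9.25.6.0"),   # newer than ceiling -> not listed as affected
        ("edge-04", "DCME-720", "9.1.5.11"),   # ceiling -> affected
        ("edge-05", "DCME-999", "1.0.0"),      # model not in advisory -> unknown, keep for review
    ]
    for host in triage(sample):
        print(host)
```

Run it against an export of your own inventory; the important property is that the comparison never treats a string like "7.4.9.100" as newer than "7.4.12.90", which a plain string comparison would.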

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to /function/audit/newstatistics/mon_stat_hist.php with suspicious parameters
  • Unusual process execution from web server user
  • System command execution in web logs

Network Indicators:

  • HTTP POST requests to vulnerable endpoint with encoded payloads
  • Outbound connections from device to unknown IPs post-exploit

SIEM Query:

web.url="*/function/audit/newstatistics/mon_stat_hist.php*" AND (web.method="POST" OR web.status=200)
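The same hunt over raw web-server access logs, as an added example that is not part of the advisory: it parses Combined Log Format lines, keeps every request whose path (ignoring the query string) is the vulnerable endpoint, and counts hits by source IP and by method/status so that an analyst can quickly separate an administrator's occasional page load from an external host probing and then POSTing to the endpoint. The log lines and IP addresses are constructed samples.

```python
# Added example (not from the advisory): scan Combined Log Format access logs
# for requests to the endpoint named in the advisory, mirroring the SIEM query.
# All sample log lines below are constructed for demonstration.
import re
from collections import Counter

VULN_PATH = "/function/audit/newstatistics/mon_stat_hist.php"

# Combined Log Format:
# ip ident user [time] "METHOD path PROTO" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_line(line: str):
    """Return a dict of log fields, or None if the line is not in the expected format."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def find_endpoint_hits(lines):
    """Keep every parsed request whose path (query string stripped) is the
    vulnerable endpoint. Any hit deserves a look, since ordinary users do not
    call this file; a POST, a probe (non-200) or an unfamiliar source IP is
    the stronger signal."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["path"].split("?", 1)[0] == VULN_PATH:
            rec["has_query"] = "?" in rec["path"]
            hits.append(rec)
    return hits


def summarise(hits):
    """Count hits by source IP and by (method, status) for fast triage."""
    return {
        "by_ip": Counter(h["ip"] for h in hits),
        "by_method_status": Counter((h["method"], h["status"]) for h in hits),
    }


# Constructed sample log: one benign page load, an external host that probes
# then POSTs to the endpoint, an administrator viewing the page from the LAN,
# a request blocked (403) by the workaround, and one unparseable line.
SAMPLE_LOG = [
    '10.0.0.5 - admin [12/Nov/2024:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Nov/2024:10:02:15 +0000] "GET /function/audit/newstatistics/mon_stat_hist.php HTTP/1.1" 200 311 "-" "python-requests/2.31"',
    '203.0.113.7 - - [12/Nov/2024:10:02:16 +0000] "POST /function/audit/newstatistics/mon_stat_hist.php HTTP/1.1" 200 88 "-" "python-requests/2.31"',
    '10.0.0.5 - admin [12/Nov/2024:10:03:00 +0000] "GET /function/audit/newstatistics/mon_stat_hist.php?range=1d HTTP/1.1" 200 4021 "https://device.local/" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Nov/2024:10:04:44 +0000] "GET /function/audit/newstatistics/mon_stat_hist.php HTTP/1.1" 403 0 "-" "curl/8.4.0"',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    hits = find_endpoint_hits(SAMPLE_LOG)
    for h in hits:
        print(h["time"], h["ip"], h["method"], h["status"], h["ua"])
    print(summarise(hits))
```

Like the SIEM query, this matches on the plain path only; feed it the logs of the reverse proxy or the device itself, and treat a source that appears under both (GET, 200) and (POST, 200) within seconds as a candidate for the post-exploit outbound-connection check listed above.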
