CVE-2024-55371

9.8 CRITICAL

📋 TL;DR

Wallos versions up to 2.38.2 contain a file upload vulnerability in the restore backup function that allows authenticated users to upload malicious ZIP files. When extracted on the server, these files can lead to remote code execution via web shells. Any Wallos installation with authenticated users is affected.

💻 Affected Systems

Products:
  • Wallos
Versions: <= 2.38.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user access; administrator privileges are not needed.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full server compromise allowing data theft, lateral movement, and persistent backdoor installation.

🟠 Likely Case: Unauthorized file upload leading to web shell deployment and limited command execution.

🟢 If Mitigated: File upload blocked or sanitized, preventing malicious content execution.

🌐 Internet-Facing: HIGH - If Wallos is exposed to the internet, attackers can exploit authenticated access.
🏢 Internal Only: MEDIUM - Requires authenticated user access, but internal threats exist.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access and involves uploading a malicious ZIP file.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: > 2.38.2

Vendor Advisory: https://github.com/ellite/Wallos/releases

Restart Required: No

Instructions:

1. Update Wallos to version > 2.38.2.
2. Follow vendor release notes for any additional steps.

🔧 Temporary Workarounds

Disable Backup Restore Function
Platform: all

Temporarily disable the restore backup functionality to prevent file uploads.

Modify the Wallos configuration or code to remove or disable the restore backup feature.

Restrict File Uploads
Platform: all

Implement server-side file validation to block ZIP files or restrict uploads to trusted sources.

Configure the web server (e.g., Apache/Nginx) to reject .zip uploads, or use WAF rules.
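The server-side validation suggested above can be stricter than rejecting every ZIP: inspect the archive's entries before anything is extracted and refuse any archive that carries files a backup should never contain. The following is an added example, not Wallos project code; the allowed extensions, the size limit and the sample archives are constructed assumptions for illustration.

```python
"""Added example: vet an uploaded backup ZIP before extraction.
Not Wallos code; allowed extensions and limits are assumed values."""
from __future__ import annotations
import io
import posixpath
import stat
import zipfile

ALLOWED_EXTENSIONS = {".db", ".json", ".jpg", ".png"}  # assumed backup contents
MAX_MEMBER_BYTES = 50 * 1024 * 1024                   # assumed per-file limit


def check_backup_archive(data: bytes) -> list[str]:
    """Return the reasons the archive must be rejected (empty list = accept)."""
    problems: list[str] = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a valid ZIP file"]
    with zf:
        for info in zf.infolist():
            name = info.filename
            norm = posixpath.normpath(name)
            # Reject absolute paths, backslash separators and ../ escapes (zip-slip)
            if name.startswith("/") or "\\" in name or norm == ".." or norm.startswith("../"):
                problems.append(f"{name}: path traversal or absolute path")
                continue
            # Symlinks could point the restore at files outside the backup directory
            if stat.S_ISLNK(info.external_attr >> 16):
                problems.append(f"{name}: symbolic link not allowed")
                continue
            if info.is_dir():
                continue
            # Only data/media files belong in a backup; scripts (e.g. .php) are refused
            ext = posixpath.splitext(norm)[1].lower()
            if ext not in ALLOWED_EXTENSIONS:
                problems.append(f"{name}: extension {ext or '(none)'} not allowed")
            if info.file_size > MAX_MEMBER_BYTES:
                problems.append(f"{name}: too large ({info.file_size} bytes)")
    return problems


def _make_zip(members: dict[str, bytes]) -> bytes:
    """Build a constructed in-memory ZIP for the demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: a plausible backup and one carrying a script plus a traversal entry
GOOD_BACKUP = _make_zip({"wallos.db": b"constructed-db-bytes", "logos/acme.png": b"\x89PNG"})
BAD_BACKUP = _make_zip({"wallos.db": b"x", "shell.php": b"<?php /* placeholder */ ?>", "../../evil.db": b"y"})
```

Run the check on the uploaded bytes before calling any extraction routine; a non-empty list means the upload is refused and logged.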

🧯 If You Can't Patch

  • Restrict access to Wallos to trusted users only and monitor for suspicious activity.
  • Implement network segmentation to isolate Wallos from critical systems.

🔍 How to Verify

Check if Vulnerable:

Check Wallos version; if <= 2.38.2, it is vulnerable.

Check Version:

Check Wallos admin panel or configuration files for version number.

Verify Fix Applied:

Verify Wallos version is > 2.38.2 and test restore backup function with safe files.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to backup restore endpoint, unexpected ZIP file extractions.

Network Indicators:

  • HTTP POST requests to backup restore URLs with ZIP payloads.

SIEM Query:

source="wallos_logs" AND (url="*restore*" OR file_extension=".zip")

🔗 References
