CVE-2024-9324

6.3 MEDIUM

📋 TL;DR

This critical vulnerability in Intelbras InControl allows remote attackers to execute arbitrary code through code injection in the Relatório de Operadores page. It affects InControl versions up to 2.21.57, potentially compromising the entire system. Attackers can exploit this remotely without authentication.

💻 Affected Systems

Products:
  • Intelbras InControl
Versions: Up to and including 2.21.57
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the web interface component specifically at /v1/operador/ endpoint

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise leading to data theft, ransomware deployment, or use as a foothold for lateral movement within the network.

🟠 Likely Case

Unauthorized access to sensitive data, system manipulation, or installation of backdoors for persistent access.

🟢 If Mitigated

Limited impact if proper network segmentation and access controls prevent exploitation attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit has been publicly disclosed and requires minimal technical skill to execute

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.21.58

Vendor Advisory: https://backend.intelbras.com/sites/default/files/2024-10/Aviso%20de%20Seguran%C3%A7a%20-%20Incontrol%202.21.56%20e%202.21.57.pdf

Restart Required: Yes

Instructions:

1. Download INCONTROL-WEB-2.21.58 from the Intelbras download portal.
2. Stop the InControl service.
3. Install the update.
4. Restart the service.

🔧 Temporary Workarounds

Network Access Restriction

Platform: windows

Block external access to InControl web interface using firewall rules

netsh advfirewall firewall add rule name="Block InControl Web" dir=in action=block protocol=TCP localport=80,443 remoteip=any

Endpoint Protection

Platform: all

Deploy WAF or IPS rules to detect and block injection attempts

🧯 If You Can't Patch

  • Isolate the InControl server in a separate VLAN with strict access controls
  • Implement application-level input validation and sanitization for the /v1/operador/ endpoint

🔍 How to Verify

Check if Vulnerable:

Check InControl version in web interface or installation directory. Versions ≤2.21.57 are vulnerable.

Check Version:

Check web interface or look for version file in installation directory

Verify Fix Applied:

Verify version is 2.21.58 or higher and test the /v1/operador/ endpoint with injection attempts.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /v1/operador/ with suspicious parameters
  • System commands execution from web process

Network Indicators:

  • HTTP requests with code injection patterns to /v1/operador/ endpoint

SIEM Query:

source="web_logs" AND uri="/v1/operador/" AND param="fields" AND (value CONTAINS "system" OR value CONTAINS "exec" OR value CONTAINS "cmd")
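A defender-side check of the log indicators above, as an added example that is not part of the advisory: it applies the SIEM query's logic to constructed log lines (the line format, the sample values and the parameter names other than `fields` are assumptions), URL-decoding and lower-casing the `fields` value before matching and testing each token separately so the OR conditions bind correctly.

```python
import re
from urllib.parse import parse_qs, unquote_plus

# Tokens named in the advisory's SIEM query; matched case-insensitively after decoding.
SUSPICIOUS_TOKENS = ("system", "exec", "cmd")
TARGET_PATH = "/v1/operador/"

# Constructed sample log lines (hypothetical format: method, path, quoted parameter string).
SAMPLE_LOGS = [
    'POST /v1/operador/ "fields=nome,email&format=pdf"',
    'POST /v1/operador/ "fields=nome%2Csystem&format=pdf"',
    'POST /v1/operador/ "fields=nome,EXEC&format=pdf"',
    'GET /v1/relatorio/ "fields=cmd"',
    'POST /v1/operador/ "format=exec"',
]

LINE_RE = re.compile(r'^(?P<method>\S+) (?P<path>\S+) "(?P<params>[^"]*)"$')


def parse_line(line):
    """Parse one log line into method, path and decoded parameters; None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    params = parse_qs(m.group("params"), keep_blank_values=True)
    return {"method": m.group("method"), "path": m.group("path"), "params": params}


def is_suspicious(record):
    """True when a request to the affected endpoint carries a flagged token in 'fields'."""
    if record is None or not record["path"].startswith(TARGET_PATH):
        return False
    # Only the "fields" parameter is checked. parse_qs already decoded one layer of
    # percent-encoding; decoding again catches double-encoded values. Each token is
    # tested on its own, which is what the advisory's query intends.
    for value in record["params"].get("fields", []):
        decoded = unquote_plus(value).lower()
        if any(tok in decoded for tok in SUSPICIOUS_TOKENS):
            return True
    return False


def find_suspicious(lines):
    """Return the log lines that match the detection logic."""
    return [line for line in lines if is_suspicious(parse_line(line))]
```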
