CVE-2024-51092
Undergoing Analysis - In Progress
Remote Code Execution in LibreNMS

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: MITRE

Description
LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutController.php's index(), SettingsController.php's update(), and PollDevice.php's initRrdDirectory().
Meta Information
Published: 2026-05-08
Last Modified: 2026-05-08
Generated: 2026-05-09
AI Q&A: 2026-05-08
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 2 associated CPEs

| Vendor | Product | Version / Range |
|---|---|---|
| librenms | librenms | to 24.10.0 (exc) |
| librenms | librenms | From 24.9.0 (inc) to 24.9.1 (inc) |

| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |

AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2024-51092 is a critical authenticated OS command injection vulnerability in LibreNMS versions 24.9.1 and earlier.

An attacker with valid credentials can exploit this flaw by creating a malicious device entry with shell metacharacters in its hostname, which causes the system to create a directory containing those characters.

The attacker then modifies the SNMP binary path configuration to point to a system binary via path traversal, leveraging a vulnerable shell_exec() call in the AboutController.php file to execute arbitrary OS commands.

This allows the attacker to execute arbitrary code remotely, potentially leading to full server compromise.

The vulnerability requires low privileges and no user interaction, making it highly critical.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The provided information does not specify how the CVE-2024-51092 vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.


How can this vulnerability impact me?

This vulnerability can allow an authenticated attacker to execute arbitrary operating system commands on the server running LibreNMS.

Such remote code execution can lead to full compromise of the server, including unauthorized access to sensitive data, disruption of services, and potential use of the server as a foothold for further attacks.

Because the exploit requires only low privileges and no user interaction, it poses a significant risk to the security and integrity of the affected system.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection of this vulnerability involves verifying if your LibreNMS installation is running a vulnerable version (24.9.1 or earlier) and checking for signs of exploitation such as malicious device hostnames containing shell metacharacters or altered SNMP binary paths.

You can inspect the LibreNMS device list for suspicious hostnames with shell metacharacters that could indicate an attempted injection.

Additionally, check the configuration parameters related to SNMP binary paths for unauthorized modifications that might point to system binaries via path traversal.

While no specific detection commands are provided in the resources, general Linux commands that may help include:

  • Listing devices with suspicious hostnames: `` grep -E '[;&|$`]' /path/to/librenms/devices ``
  • Checking for modified SNMP binary paths in configuration files: `grep snmpget /path/to/librenms/config`
  • Reviewing cron jobs or polling scripts for unexpected commands or paths.
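
The checks above as an offline triage script. This is an added example, not code from the advisory or from LibreNMS. It assumes you have exported the installed version, the device hostnames and the configured snmpget path yourself; the function names, the hostname allowlist (stricter than the metacharacter grep above) and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline triage for the CVE-2024-51092 indicators described above.
# Inputs are values you export yourself; nothing here queries LibreNMS.

# Exit 0 when the given version is older than the fixed release 24.10.0.
is_vulnerable_version() {
    [ "$1" != "24.10.0" ] &&
        [ "$(printf '%s\n' "$1" 24.10.0 | sort -V | head -n 1)" = "$1" ]
}

# Read hostnames (one per line) on stdin; print any with characters outside
# those expected in a DNS name or IP literal (assumed allowlist).
flag_hostnames() {
    LC_ALL=C grep -E '[^A-Za-z0-9._:-]' || true
}

# Print "ok" or a reason for a configured snmpget path value.
# Assumption: the legitimate value is an absolute path ending in "snmpget".
check_snmpget_path() {
    case "$1" in
        */../*|../*|*/..) echo "suspicious: path traversal component" ;;
        /*)
            if [ "$(basename -- "$1")" = "snmpget" ]; then
                echo "ok"
            else
                echo "suspicious: binary is not snmpget"
            fi ;;
        *) echo "suspicious: not an absolute path" ;;
    esac
}

# Constructed sample data, not taken from any real installation.
sample_hostnames() {
    printf '%s\n' 'core-sw1.example.net' '192.0.2.10' 'lab-host;x' 'edge`y`'
}

if is_vulnerable_version "24.9.1"; then
    echo "24.9.1: vulnerable, upgrade to 24.10.0 or later"
fi
echo "Hostnames to review:"
sample_hostnames | flag_hostnames
echo "snmpget path: $(check_snmpget_path '/usr/bin/../bin/ls')"
```

A flagged hostname or path is a prompt for manual review, not proof of exploitation.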

What immediate steps should I take to mitigate this vulnerability?

The immediate and most effective mitigation step is to upgrade LibreNMS to version 24.10.0 or later, where this vulnerability has been patched.

Until the upgrade can be performed, restrict access to the LibreNMS web portal to trusted users only, as exploitation requires authenticated access.

Review and remove any suspicious device entries with hostnames containing shell metacharacters.

Audit and reset any modified SNMP binary path configuration parameters to their default safe values.

Monitor system logs and cron jobs for unusual activity that could indicate exploitation attempts.

