Terratec dmx_6fire USB 1.23.0.02 Unquoted Service Path

2024.04.14
Credit: Joseph Kwabena Fiagbor
Risk: Medium
Local: Yes
Remote: No
CVE: CVE-2024-31804
CWE: N/A

# Exploit Title: Terratec dmx_6fire USB - Unquoted Service Path # Google Dork: null # Date: 4/10/2024 # Exploit Author: Joseph Kwabena Fiagbor # Vendor Homepage: https://dmx-6fire-24-96-controlpanel.software.informer.com/download/ # Software Link: # Version: v.1.23.0.02 # Tested on: windows 7-11 # CVE : CVE-2024-31804 1. Description: The Terratec dmx_6fire usb installs as a service with an unquoted service path running with SYSTEM privileges. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. 2. Proof > C:\Users\Astra>sc qc "ttdmx6firesvc" > {SC] QueryServiceConfig SUCCESS > > SERVICE_NAME: ttdmx6firesvc > TYPE : 10 WIN32_OWN_PROCESS > START_TYPE : 2 AUTO_START > ERROR_CONTROL : 1 NORMAL > BINARY_PATH_NAME : C:\Program Files\TerraTec\DMX6FireUSB\ttdmx6firesvc.exe -service > LOAD_ORDER_GROUP : PlugPlay > TAG : 0 > DISPLAY_NAME : DMX6Fire Control > DEPENDENCIES : eventlog > : PlugPlay > SERVICE_START_NAME : LocalSystem > >


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top