This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **What is this vulnerability?** VoIPmonitor **Code Injection** flaw.β¦
π‘οΈ **Root Cause?** π **Flaw:** Improper Input Validation. - The `recheck` option accepts user-supplied `SPOOLDIR` values. - These values may contain **PHP code**. - The code is directly injected into the config file wiβ¦
π₯ **Who is affected?** - **Product:** VoIPmonitor. - **Version:** **< 24.61** (Specifically mentions < 24.60 in PoCs). - **Component:** Web UI. - **Vendor:** VoIPmonitor Team.
Q4What can hackers do? (Privileges/Data)
π΅οΈ **What can hackers do?** - **Full RCE:** Execute commands as the web server user. - **Persistent Access:** Deploy a **browser-based web shell** (e.g., `namrlblgel.php`). - **Data Theft:** Access sensitive VoIP data, β¦
π£ **Is there a public Exp?** β **YES.** - Multiple PoCs available on GitHub. - **Tool:** `CVE-2021-30461.py`. - **Usage:** `python3 CVE-2021-30461.py -t <IP>`. - **Result:** Direct RCE and shell deployment.
Q7How to self-check? (Features/Scanning)
π **How to self-check?** 1. **Scan:** Use Nuclei template `http/cves/2021/CVE-2021-30461.yaml`. 2. **Verify:** Check if your VoIPmonitor version is **< 24.61**. 3.β¦
π§ **What if no patch?** - **Network Segmentation:** Block external access to the VoIPmonitor Web UI. - **WAF Rules:** Block requests containing `recheck` with suspicious payloads. - **Input Filtering:** If possible, resβ¦
β οΈ **Is it urgent?** π΄ **CRITICAL PRIORITY.** - **Unauthenticated RCE** is a top-tier threat. - **Public Exploits** exist and are easy to use. - **Impact:** Complete server compromise. - **Action:** Patch **IMMEDIATELYβ¦