CVE-2024-47176 PoC — cups-browsed binds to `INADDR_ANY:631`, trusting any packet from any source

Source

https://github.com/workabhiwin09/CVE-2024-47176

Associated Vulnerability

Title:cups-browsed binds to `INADDR_ANY:631`, trusting any packet from any source (CVE-2024-47176)
Description:CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker controlled URL. When combined with other vulnerabilities, such as CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, an attacker can execute arbitrary commands remotely on the target machine without authentication when a malicious printer is printed to.

Description

CUPS Browsd Check_CVE-2024-47176

Readme

CUPS Browsd daemon which is by default running as root if allowed in Linux/Unix systems, allow remote connections from any device on the network to create a new printer.

Start the python post server and then send the request to add the printer you will se a connection to your http server as root to add the printer.

<img width="501" alt="image" src="https://github.com/user-attachments/assets/e6044970-856a-4d89-9481-757b8a50e72b">

<img width="604" alt="image" src="https://github.com/user-attachments/assets/d62a7e7b-52a2-4320-9beb-cce1fb572884">

File Snapshot


 [4.0K]  /data/pocs/b00135c155990dbb668b8a11a4e7b80d7e7c1627
├── [ 494]  cups_browsd.py
├── [1.6K]  http_srv.py
└── [ 553]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!