
CVE-2024-28213 PoC — nGrinder security vulnerability

Source
Associated Vulnerability
Title: nGrinder security vulnerability (CVE-2024-28213)
Description: nGrinder before 3.5.9 accepts serialized Java objects from unauthenticated users, which could allow a remote attacker to execute arbitrary code via unsafe Java object deserialization.
Description
Here's a brief description of CVE-2024-28213: "CVE-2024-28213 is a critical vulnerability affecting versions of nGrinder prior to 3.5.9. It allows unauthenticated users to send serialized Java objects to the application, potentially leading to the execution of arbitrary code through unsafe Java object deserialization."
Readme
## CVE-2024-28213 Vulnerability

### Description
nGrinder version prior to 3.5.9 is vulnerable to a critical security issue, CVE-2024-28213. This vulnerability allows unauthenticated users to send serialized Java objects to the application, potentially enabling a remote attacker to execute arbitrary code through unsafe Java object deserialization.

### Vulnerability Details
- CVE ID: CVE-2024-28213
- Published Date: 2024-03-07
- Updated Date: 2024-03-07
- Source: Naver Corporation
- Vulnerability Category: Execute code
- CWE IDs: CWE-502 (Deserialization of Untrusted Data)

### Impact
The exploitation of this vulnerability could lead to remote code execution, giving attackers unauthorized access to the system and potentially allowing them to take control of the affected server.

### Affected Versions
nGrinder versions prior to 3.5.9 are affected by this vulnerability.

### Mitigation
To mitigate the risk associated with this vulnerability, it is highly recommended to upgrade nGrinder to version 3.5.9 or later, where the issue has been addressed. Because the flaw is reachable without authentication, organizations should also ensure that the nGrinder controller is not directly accessible from untrusted networks, and should implement proper network segmentation and access controls so that only trusted agents and operators can reach it.
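The weakness class behind this advisory is CWE-502: `ObjectInputStream.readObject()` called on bytes from an unauthenticated peer with no restriction on which classes may be instantiated. The block below is an added illustration written for this page; it is not nGrinder's code and not the PoC sold above. It shows that unsafe shape next to the hardened shape the JDK offers (an `ObjectInputFilter` allowlist with depth and size limits). `AgentPing` and `Unexpected` are hypothetical classes standing in for "the object the server expects" and "anything else an attacker chooses to send"; the filter pattern string is likewise an assumption for this demo.

```java
import java.io.*;

// Added example for this page, not nGrinder's code. All class names are hypothetical.
public class DeserializationFilterDemo {

    // Hypothetical DTO that the server legitimately expects on the wire.
    public static final class AgentPing implements Serializable {
        private static final long serialVersionUID = 1L;
        final String agentId;
        AgentPing(String agentId) { this.agentId = agentId; }
    }

    // Hypothetical stand-in for any class outside the expected set
    // (in a real attack this would be the head of a gadget chain).
    public static final class Unexpected implements Serializable {
        private static final long serialVersionUID = 1L;
        final String payload = "not on the allowlist";
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // Vulnerable pattern (the shape CWE-502 describes): readObject() on an
    // untrusted byte stream with no class filter, so any serializable class
    // on the classpath can be instantiated by the sender.
    static Object readUnfiltered(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return ois.readObject();
        }
    }

    // Hardened pattern: explicit allowlist of class names, nesting-depth and
    // stream-size limits, and a trailing "!*" that rejects everything else.
    // Pattern string is an assumption for this demo; tune it per application.
    static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
            "DeserializationFilterDemo$AgentPing;java.lang.String;maxdepth=5;maxbytes=4096;!*");

    static Object readFiltered(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(FILTER);
            return ois.readObject(); // throws InvalidClassException on a rejected class
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] expected = serialize(new AgentPing("agent-1"));   // constructed sample input
        byte[] hostile  = serialize(new Unexpected());           // constructed sample input

        // Unfiltered read instantiates whatever the sender put in the stream.
        System.out.println("unfiltered accepted: " + readUnfiltered(hostile).getClass().getName());

        // Filtered read still accepts the expected type...
        AgentPing ping = (AgentPing) readFiltered(expected);
        System.out.println("filtered accepted AgentPing from " + ping.agentId);

        // ...but rejects anything outside the allowlist before it is instantiated.
        try {
            readFiltered(hostile);
            System.out.println("BUG: filter did not reject Unexpected");
        } catch (InvalidClassException e) {
            System.out.println("filtered rejected Unexpected: " + e.getMessage());
        }
    }
}
```

Compile and run with `javac DeserializationFilterDemo.java && java DeserializationFilterDemo` on Java 9 or later (where `java.io.ObjectInputFilter` exists). Where the application code cannot be changed, the same allowlist can be applied process-wide at deployment time via the `jdk.serialFilter` system property. A filter narrows what an attacker can instantiate, but it does not remove the root cause this advisory describes, namely that the endpoint accepts serialized objects from unauthenticated callers; upgrading to 3.5.9 or later remains the fix.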

### References
- [NAVER Security Advisory for CVE-2024-28213](https://cve.naver.com/detail/cve-2024-28213.html)

### Exploit Prediction
According to the Exploit Prediction Scoring System (EPSS), the probability of exploitation activity in the next 30 days is estimated to be 0.04%.

### Proof of Concept (PoC)
A proof of concept (PoC) for CVE-2024-28213 is available for purchase. The PoC is priced at $270.22 USD (at the current exchange rate) and is available in a limited quantity of 5. To obtain the PoC: https://satoshidisk.com/pay/CKp6DL
File Snapshot

[4.0K] /data/pocs/f8d518a2b15276ee6af619128ccd728240a502af
└── [1.8K] README.md

0 directories, 1 file