CVE-2023-50917 Scanner
Detects the OS command injection vulnerability in MajorDoMo (aka Major Domestic Module), which affects versions before 0662e5e.
Short Info
- Level: Critical
- Single Scan
- Can be used by: Asset Owner
- Estimated Time: 30 seconds
- Time Interval: 4 weeks
- Scan only one: URL
- Toolbox: -
MajorDoMo, also known as Major Domestic Module, is a versatile open-source project that allows users to automate their home and control various smart devices. It can be installed on a server or even a Raspberry Pi, giving users a platform to combine various technologies and build a smart home system that works for them. Through a web-based interface, users can create scripts, set up schedules, and remotely monitor and manage their home appliances.
CVE-2023-50917 is a critical flaw in MajorDoMo versions before commit 0662e5e. It allows attackers to execute arbitrary commands by passing shell metacharacters to thumb.php. By exploiting it, an attacker can inject operating system commands, gain unauthorized access to the server, and perform malicious activities.
If this vulnerability is exploited, it can lead to significant harm, including data theft, loss of sensitive information, and even system damage. Attackers can gain control of the server and manipulate buildings or smart home devices, or use the server as a pivot point to launch further attacks.
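Asset owners can also check web server logs for past attempts. The following is an added example, not code from this page or from the MajorDoMo project: it flags requests to thumb.php whose query values contain shell metacharacters after percent-decoding, including double-encoded ones. It assumes Combined Log Format; the log lines and the parameter names `img` and `w` are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Request portion of a Combined Log Format line (assumed log format).
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+)[^"]*" (?P<status>\d{3})')
# Characters a POSIX shell treats as separators, substitution or redirection.
# Broad on purpose: expect some false positives (e.g. "(1)" in a file name).
SHELL_META = re.compile(r"[;|&`$()<>\r\n]")

# Constructed sample lines; parameter names are hypothetical.
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Dec/2023:10:00:01 +0000] "GET /thumb.php?img=cam1.jpg&w=320 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [19/Dec/2023:10:00:05 +0000] "GET /thumb.php?img=cam1.jpg%3Bid HTTP/1.1" 200 0',
    '198.51.100.7 - - [19/Dec/2023:10:00:09 +0000] "GET /thumb.php?img=x%2560uname%2560 HTTP/1.1" 200 0',
    '192.0.2.10 - - [19/Dec/2023:10:00:12 +0000] "GET /index.php?q=a%3Bb HTTP/1.1" 200 812',
]

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (%253B -> %3B -> ;), bounded to max_rounds."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_thumb_requests(lines):
    """Return (ip, status, param, decoded_value) for each flagged thumb.php request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        parts = urlsplit(m["target"])
        if not parts.path.lower().endswith("/thumb.php"):
            continue
        # Split on the raw "&" first so an encoded "&" (%26) stays inside its value.
        for pair in parts.query.split("&"):
            name, _, raw = pair.partition("=")
            value = fully_decode(raw)
            if SHELL_META.search(value):
                hits.append((m["ip"], int(m["status"]), name, value))
    return hits

if __name__ == "__main__":
    for hit in suspicious_thumb_requests(SAMPLE_LOG):
        print(hit)
```

A hit shows that a request was attempted, not that it succeeded; correlate it with the response status and with whether the installed code predates the fix commit.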
REFERENCES
- https://github.com/sergejey/majordomo/commit/0662e5ebfb133445ff6154b69c61019357092178
- https://github.com/sergejey/majordomo/commit/3ec3ffb863ea3c2661ab27d398776c551f4daaac
- seclists.org: 20231219 Disclosure of CVE-2023-50917: RCE Vulnerability in MajorDoM
- http://packetstormsecurity.com/files/176273/MajorDoMo-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/176669/MajorDoMo-Command-Injection.html