CVE-2024-24578 - Vulnerability Details - OpenCVE

RaspberryMatic is an open-source operating system for HomeMatic internet-of-things devices. RaspberryMatic / OCCU prior to version 3.75.6.20240316 contains a unauthenticated remote code execution (RCE) vulnerability, caused by multiple issues within the Java based `HMIPServer.jar` component. RaspberryMatric includes a Java based `HMIPServer`, that can be accessed through URLs starting with `/pages/jpages`. The `FirmwareController` class does however not perform any session id checks, thus this feature can be accessed without a valid session. Due to this issue, attackers can gain remote code execution as root user, allowing a full system compromise. Version 3.75.6.20240316 contains a patch.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.55581.

Key SSVC decision points have not yet been added.

Vendors	Products
Raspberrymatic	Raspberrymatic

Configuration 1 [-]

cpe:2.3:o:raspberrymatic:raspberrymatic:*:*:*:*:*:*:*:*

No data.

No data.

References

Link	Providers
https://github.com/jens-maus/RaspberryMatic/security/advisories/GHSA-q967-q4j8-637h

History

Tue, 23 Dec 2025 19:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Raspberrymatic Raspberrymatic raspberrymatic
CPEs		cpe:2.3:o:raspberrymatic:raspberrymatic::::::::
Vendors & Products		Raspberrymatic Raspberrymatic raspberrymatic

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-03-18T21:13:03.626Z

Updated: 2024-08-26T13:54:04.130Z

Reserved: 2024-01-25T15:09:40.211Z

Link: CVE-2024-24578

Vulnrichment

Updated: 2024-08-01T23:19:52.853Z

NVD

Status : Analyzed

Published: 2024-03-18T22:15:07.683

Modified: 2025-12-23T19:16:00.607

Link: CVE-2024-24578

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-24578", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-01-25T15:09:40.211Z", "datePublished": "2024-03-18T21:13:03.626Z", "dateUpdated": "2024-08-26T13:54:04.130Z"}, "containers": {"cna": {"title": "RaspberryMatic Unauthenticated Remote Code Execution vulnerability through HMServer File Upload ", "problemTypes": [{"descriptions": [{"cweId": "CWE-23", "lang": "en", "description": "CWE-23: Relative Path Traversal", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-306", "lang": "en", "description": "CWE-306: Missing Authentication for Critical Function", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/jens-maus/RaspberryMatic/security/advisories/GHSA-q967-q4j8-637h", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/jens-maus/RaspberryMatic/security/advisories/GHSA-q967-q4j8-637h"}], "affected": [{"vendor": "jens-maus", "product": "RaspberryMatic", "versions": [{"version": "< 3.75.6.20240316", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-18T21:13:03.626Z"}, "descriptions": [{"lang": "en", "value": "RaspberryMatic is an open-source operating system for HomeMatic internet-of-things devices. RaspberryMatic / OCCU prior to version 3.75.6.20240316 contains a unauthenticated remote code execution (RCE) vulnerability, caused by multiple issues within the Java based `HMIPServer.jar` component. RaspberryMatric includes a Java based `HMIPServer`, that can be accessed through URLs starting with `/pages/jpages`. The `FirmwareController` class does however not perform any session id checks, thus this feature can be accessed without a valid session. Due to this issue, attackers can gain remote code execution as root user, allowing a full system compromise. Version 3.75.6.20240316 contains a patch."}], "source": {"advisory": "GHSA-q967-q4j8-637h", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:19:52.853Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/jens-maus/RaspberryMatic/security/advisories/GHSA-q967-q4j8-637h", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/jens-maus/RaspberryMatic/security/advisories/GHSA-q967-q4j8-637h"}]}, {"affected": [{"vendor": "raspberrymatic", "product": "raspberrymatic", "cpes": ["cpe:2.3:o:raspberrymatic:raspberrymatic:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.75.6.20240316", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-03-19T15:02:33.963780Z", "id": "CVE-2024-24578", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-26T13:54:04.130Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/jens-maus/RaspberryMatic/security/advisories/GHSA-q967-q4j8-637h", "name": "https://github.com/jens-maus/RaspberryMatic/security/advisories/GHSA-q967-q4j8-637h", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:19:52.853Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-24578", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-03-19T15:02:33.963780Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:raspberrymatic:raspberrymatic:*:*:*:*:*:*:*:*"], "vendor": "raspberrymatic", "product": "raspberrymatic", "versions": [{"status": "affected", "version": "0", "lessThan": "3.75.6.20240316", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-26T13:53:59.810Z"}}], "cna": {"title": "RaspberryMatic Unauthenticated Remote Code Execution vulnerability through HMServer File Upload ", "source": {"advisory": "GHSA-q967-q4j8-637h", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 10, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "jens-maus", "product": "RaspberryMatic", "versions": [{"status": "affected", "version": "< 3.75.6.20240316"}]}], "references": [{"url": "https://github.com/jens-maus/RaspberryMatic/security/advisories/GHSA-q967-q4j8-637h", "name": "https://github.com/jens-maus/RaspberryMatic/security/advisories/GHSA-q967-q4j8-637h", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "RaspberryMatic is an open-source operating system for HomeMatic internet-of-things devices. RaspberryMatic / OCCU prior to version 3.75.6.20240316 contains a unauthenticated remote code execution (RCE) vulnerability, caused by multiple issues within the Java based `HMIPServer.jar` component. RaspberryMatric includes a Java based `HMIPServer`, that can be accessed through URLs starting with `/pages/jpages`. The `FirmwareController` class does however not perform any session id checks, thus this feature can be accessed without a valid session. Due to this issue, attackers can gain remote code execution as root user, allowing a full system compromise. Version 3.75.6.20240316 contains a patch."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-23", "description": "CWE-23: Relative Path Traversal"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306: Missing Authentication for Critical Function"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-18T21:13:03.626Z"}}}, "cveMetadata": {"cveId": "CVE-2024-24578", "state": "PUBLISHED", "dateUpdated": "2024-08-26T13:54:04.130Z", "dateReserved": "2024-01-25T15:09:40.211Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-03-18T21:13:03.626Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:raspberrymatic:raspberrymatic:*:*:*:*:*:*:*:*", "matchCriteriaId": "410B2CD1-CBCE-4625-87CE-BC67F1521AF8", "versionEndExcluding": "3.75.6.20240316", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "RaspberryMatic is an open-source operating system for HomeMatic internet-of-things devices. RaspberryMatic / OCCU prior to version 3.75.6.20240316 contains a unauthenticated remote code execution (RCE) vulnerability, caused by multiple issues within the Java based `HMIPServer.jar` component. RaspberryMatric includes a Java based `HMIPServer`, that can be accessed through URLs starting with `/pages/jpages`. The `FirmwareController` class does however not perform any session id checks, thus this feature can be accessed without a valid session. Due to this issue, attackers can gain remote code execution as root user, allowing a full system compromise. Version 3.75.6.20240316 contains a patch."}, {"lang": "es", "value": "RaspberryMatic es un sistema operativo de c\u00f3digo abierto para dispositivos de Internet de las cosas HomeMatic. RaspberryMatic/OCCU anterior a la versi\u00f3n 3.75.6.20240316 contiene una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) no autenticada, causada por m\u00faltiples problemas dentro del componente `HMIPServer.jar` basado en Java. RaspberryMatric incluye un `HMIPServer` basado en Java, al que se puede acceder a trav\u00e9s de URL que comienzan con `/pages/jpages`. Sin embargo, la clase `FirmwareController` no realiza ninguna verificaci\u00f3n de identificaci\u00f3n de sesi\u00f3n, por lo que se puede acceder a esta funci\u00f3n sin una sesi\u00f3n v\u00e1lida. Debido a este problema, los atacantes pueden obtener la ejecuci\u00f3n remota de c\u00f3digo como usuario root, lo que permite comprometer todo el sistema. La versi\u00f3n 3.75.6.20240316 contiene un parche."}], "id": "CVE-2024-24578", "lastModified": "2025-12-23T19:16:00.607", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-18T22:15:07.683", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory", "Exploit"], "url": "https://github.com/jens-maus/RaspberryMatic/security/advisories/GHSA-q967-q4j8-637h"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory", "Exploit"], "url": "https://github.com/jens-maus/RaspberryMatic/security/advisories/GHSA-q967-q4j8-637h"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-23"}, {"lang": "en", "value": "CWE-306"}], "source": "security-advisories@github.com", "type": "Secondary"}]}