{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-09T00:28:04.440","vulnerabilities":[{"cve":{"id":"CVE-2024-24578","sourceIdentifier":"security-advisories@github.com","published":"2024-03-18T22:15:07.683","lastModified":"2025-12-23T19:16:00.607","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"RaspberryMatic is an open-source operating system for HomeMatic internet-of-things devices. RaspberryMatic / OCCU prior to version 3.75.6.20240316 contains a unauthenticated remote code execution (RCE) vulnerability, caused by multiple issues within the Java based `HMIPServer.jar` component. RaspberryMatric includes a Java based `HMIPServer`, that can be accessed through URLs starting with `/pages/jpages`. The `FirmwareController` class does however not perform any session id checks, thus this feature can be accessed without a valid session. Due to this issue, attackers can gain remote code execution as root user, allowing a full system compromise. Version 3.75.6.20240316 contains a patch."},{"lang":"es","value":"RaspberryMatic es un sistema operativo de código abierto para dispositivos de Internet de las cosas HomeMatic. RaspberryMatic/OCCU anterior a la versión 3.75.6.20240316 contiene una vulnerabilidad de ejecución remota de código (RCE) no autenticada, causada por múltiples problemas dentro del componente `HMIPServer.jar` basado en Java. RaspberryMatric incluye un `HMIPServer` basado en Java, al que se puede acceder a través de URL que comienzan con `/pages/jpages`. Sin embargo, la clase `FirmwareController` no realiza ninguna verificación de identificación de sesión, por lo que se puede acceder a esta función sin una sesión válida. Debido a este problema, los atacantes pueden obtener la ejecución remota de código como usuario root, lo que permite comprometer todo el sistema. La versión 3.75.6.20240316 contiene un parche."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-23"},{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:raspberrymatic:raspberrymatic:*:*:*:*:*:*:*:*","versionEndExcluding":"3.75.6.20240316","matchCriteriaId":"410B2CD1-CBCE-4625-87CE-BC67F1521AF8"}]}]}],"references":[{"url":"https://github.com/jens-maus/RaspberryMatic/security/advisories/GHSA-q967-q4j8-637h","source":"security-advisories@github.com","tags":["Vendor Advisory","Exploit"]},{"url":"https://github.com/jens-maus/RaspberryMatic/security/advisories/GHSA-q967-q4j8-637h","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory","Exploit"]}]}}]}