Main Vulnerability Database Exploits ID:12637 - Exploit for Command injection in LibreNMS - CVE-2024-51092

ID:12637 - Exploit for Command injection in LibreNMS - CVE-2024-51092

Published: April 24, 2026

Vulnerability identifier: #VU127451

Vulnerability risk: Medium

CVE-ID: CVE-2024-51092

CWE-ID: CWE-77

Exploitation vector: Remote access

Vulnerable software:
LibreNMS

Link to public exploit:

https://www.rapid7.com/db/modules/exploit/linux/http/librenms_authenticated_rce_cve_2024_51092

Vulnerability description

The vulnerability allows a remote user to execute arbitrary code.

The vulnerability exists due to command injection in AboutController.php when processing the /about page with a poisoned snmpget configuration value. A remote user can modify configuration parameters and create a crafted device hostname to execute arbitrary code.

Exploitation requires chaining the ability to create a device with shell metacharacters in its hostname and to update the snmpget setting through the web portal.

Remediation

Install security update from vendor's website.

ID:12637 - Exploit for Command injection in LibreNMS - CVE-2024-51092

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human