CVE-2024-24215
Description
An issue in the component /cgi-bin/GetJsonValue.cgi of Cellinx NVT Web Server 5.0.0.014 allows attackers to leak configuration information via a crafted POST request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cellinx NVT Web Server 5.0.0.014 leaks configuration via crafted POST to /cgi-bin/GetJsonValue.cgi.
Vulnerability
The vulnerability resides in the /cgi-bin/GetJsonValue.cgi component of Cellinx NVT Web Server version 5.0.0.014. An attacker can send a crafted POST request to this endpoint, which results in the disclosure of configuration information. The issue is present in the specified version and likely earlier versions [1].
Exploitation
An attacker with network access to the web server can exploit this vulnerability by sending a specially crafted POST request to /cgi-bin/GetJsonValue.cgi. No authentication is required. The exact parameters or payload are not detailed in the available references, but the request triggers the leakage of configuration data [1].
Impact
Successful exploitation allows an attacker to obtain sensitive configuration information from the server. This could include system settings, credentials, or other internal details that may facilitate further attacks. The confidentiality of the system is compromised [1].
Mitigation
As of the publication date (2024-02-08), no official patch or workaround has been disclosed in the available references. Users should monitor vendor updates for a fix. If possible, restrict access to the /cgi-bin/GetJsonValue.cgi endpoint via network controls or firewall rules [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Cellinx/NVT Web Serverdescription
- Range: 5.0.0.014
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3News mentions
0No linked articles in our index yet.