Critical severity10.0NVD Advisory· Published May 13, 2025· Updated Jun 17, 2026
CVE-2024-46506
CVE-2024-46506
Description
NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as exploited in the wild in May 2025. This is related to settings.php and util.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: 23.01.14 through 24.x before 24.10.12
Patches
Vulnerability mechanics
References
1- rhinosecuritylabs.com/research/cve-2024-46506-rce-in-netalertx/nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.