{"id":56233,"date":"2024-04-12T19:29:47","date_gmt":"2024-04-12T15:29:47","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/178036\/terratecdmx6fireusb123002-unquotedpath.txt"},"modified":"2024-04-12T19:29:47","modified_gmt":"2024-04-12T15:29:47","slug":"terratec-dmx_6fire-usb-1-23-0-02-unquoted-service-path","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/terratec-dmx_6fire-usb-1-23-0-02-unquoted-service-path\/","title":{"rendered":"Terratec dmx_6fire USB 1.23.0.02 Unquoted Service Path"},"content":{"rendered":"
\n
Terratec dmx_6fire USB 1.23.0.02 Unquoted Service Path<\/strong><\/a><\/dt>\n
Posted Apr 12, 2024<\/a><\/dd>\n
Authored by Joseph Kwabena Fiagbor<\/a><\/dd>\n
\n

Terratec dmx_6fire USB version 1.23.0.02 suffers from an unquoted service path vulnerability.<\/p>\n<\/dd>\n

tags<\/span> | exploit<\/a><\/dd>\n
advisories<\/span> | CVE-2024-31804<\/a><\/dd>\n
SHA-256<\/span> | 3b1ae38d17de2b6bb05d853af820ee9f6f5e2f2251357f5de9240f209b72112f<\/code><\/dd>\n
Download<\/a> | Favorite<\/a> | View<\/a><\/dd>\n<\/dl>\n
\n
# Exploit Title: Terratec dmx_6fire USB - Unquoted Service Path
# Google Dork: null
# Date: 4\/10\/2024
# Exploit Author: Joseph Kwabena Fiagbor
# Vendor Homepage: https:\/\/dmx-6fire-24-96-controlpanel.software.informer.com\/download\/
# Software Link:
# Version: v.1.23.0.02
# Tested on: windows 7-11
# CVE : CVE-2024-31804
1. Description:<\/p>
The Terratec dmx_6fire usb installs as a service with an unquoted service
path running
with SYSTEM privileges.
This could potentially allow an authorized but non-privileged local
user to execute arbitrary code with elevated privileges on the system.<\/p>
2. Proof<\/p>
> C:\\Users\\Astra>sc qc \"ttdmx6firesvc\"
> {SC] QueryServiceConfig SUCCESS
>
> SERVICE_NAME: ttdmx6firesvc
> TYPE : 10 WIN32_OWN_PROCESS
> START_TYPE : 2 AUTO_START
> ERROR_CONTROL : 1 NORMAL
> BINARY_PATH_NAME : C:\\Program Files\\TerraTec\\DMX6FireUSB\\ttdmx6firesvc.exe -service
> LOAD_ORDER_GROUP : PlugPlay
> TAG : 0
> DISPLAY_NAME : DMX6Fire Control
> DEPENDENCIES : eventlog
> : PlugPlay
> SERVICE_START_NAME : LocalSystem
>
><\/p><\/code><\/pre>\n<\/div>\n","protected":false},"excerpt":{"rendered":"
Terratec dmx_6fire USB 1.23.0.02 Unquoted Service Path Posted Apr 12, 2024 Authored by Joseph Kwabena Fiagbor Terratec dmx_6fire USB version 1.23.0.02 suffers from an unquoted service path vulnerability. tags | exploit advisories | CVE-2024-31804 SHA-256 | 3b1ae38d17de2b6bb05d853af820ee9f6f5e2f2251357f5de9240f209b72112f Download | Favorite | View # Exploit Title: Terratec dmx_6fire USB – Unquoted Service Path# Google Dork: null# …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-56233","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/56233","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=56233"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/56233\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=56233"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=56233"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=56233"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}