Taylor ParizoJul 5, 2024

This is a destructive OPSEC failure.
PoC code is trivial to find along with a simple Censys query to uncover vulnerable hosts. The code itself supports a TXT file of URLs so....spray and pray method to find targets. Certain campaigns used #XMRig, GoThief, and backdoors like #Gh0stRAT and #PlugX.

It should go without saying to not make your file servers open to the public but some didn't get the memo.
#HFS #CVE202423692 #ThreatIntel

https://asec.ahnlab.com/en/67650/

Attack Cases Against HTTP File Server (HFS) (CVE-2024-23692) - ASEC BLOG

AhnLab Security Emergency response Center

ASEC BLOG
Dark Web Informer Jun 11, 2024

🚨POC RELEASED🚨CVE-2024-23692 Unauthenticated RCE Flaw in Rejetto HTTP File Server

#DarkWeb #Cybersecurity #Security #Cyberattack #Cybercrime #Privacy #Infosec #CVE202423692 #Vulnerability

https://x.com/DarkWebInformer/status/1800568089811251282

https://github.com/k3lpi3b4nsh33/CVE-2024-23692

Dark Web Informer (@DarkWebInformer) on X

🚨POC RELEASED🚨CVE-2024-23692 Unauthenticated RCE Flaw in Rejetto HTTP File Server #DarkWeb #Cybersecurity #Security #Cyberattack #Cybercrime #Privacy #Infosec #CVE202423692 #Vulnerability

X (formerly Twitter)