CVE-2024-1212 is a critical pre-authentication OS command injection vulnerability in Kemp Technologies LoadMaster on Linux. Unauthenticated remote attackers can reach the management interface and execute arbitrary operating system commands. Available technical details indicate the flaw involved unsafe handling of user-controlled input in the REST API authentication path, where values derived from the Basic Authentication header were insufficiently sanitized before being incorporated into a shell command and executed. Reported analysis tied exploitation to the API access handling logic, where attacker-controlled credential fields could traverse formatting routines and ultimately reach a system command execution call. The issue affects multiple LoadMaster 7.2.x release trains prior to vendor-fixed versions.
Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.
What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.
What an attacker gets, and what they’ve been doing with it.
If you can’t patch tonight, do this now.
Patch, then assume compromise.
2 valid exploits after Mallory filtered fakes, detection scripts, and README-only repos.
This repository contains a working exploit for CVE-2024-1212, an unauthenticated command injection vulnerability in Progress Kemp LoadMaster. The repository consists of a Python script ('cve_2024_1212_exploit.py') and a detailed README. The exploit script allows an attacker to execute arbitrary commands on a vulnerable LoadMaster device by sending a crafted HTTP GET request to the '/access/set' endpoint, injecting the command via the 'value' parameter. The script supports proxying requests (for interception or anonymity), randomizes the User-Agent header to evade basic detection, and can log output to a file. The README provides usage instructions, options, and example commands. The exploit is operational and can be used for remote unauthenticated command execution on affected devices. The main fingerprintable endpoint is '/access/set', and the exploit leverages a specific Authorization header. The code is straightforward, with a single entry point and no extraneous files.
This repository is a proof-of-concept (PoC) exploit for CVE-2024-1212, an unauthenticated command injection vulnerability in Kemp LoadMaster appliances. The main file, 'exploit.py', is a Python script that allows users to scan single or multiple targets for the vulnerability, execute arbitrary shell commands on vulnerable devices, and interact with them via an interactive shell. The exploit works by sending a specially crafted HTTP GET request to the '/access/set?param=enableapi&value=1' endpoint, injecting commands into the HTTP Basic Auth username field. The script supports multi-threaded scanning and can save a list of vulnerable targets to an output file. The repository also includes a 'requirements.txt' for dependencies and a detailed 'README.md' with usage instructions and privilege escalation guidance. The exploit is unauthenticated, network-based, and targets Kemp LoadMaster devices. No hardcoded payload is provided beyond the command injection mechanism, and the exploit is intended for educational and authorized security testing purposes only.
Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.
Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.
6 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
A previously exploited critical Progress Kemp LoadMaster vulnerability mentioned for comparison/background.
A critical OS command injection vulnerability in Progress Kemp LoadMaster referenced as a prior flaw that also saw active exploitation efforts.
A previous critical Progress Kemp LoadMaster command injection vulnerability that was added to CISA's Known Exploited Vulnerabilities catalog after confirmed in-the-wild exploitation.
A prior unauthenticated command injection vulnerability in Progress Kemp LoadMaster, cited as a historical parallel to CVE-2026-8037.
Query your assets running an affected version, and investigate the blast radius.
Every observed campaign linking this CVE to a named adversary.
Malware families riding this exploit, with evidence and IOCs.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Cross-references every affected SKU, including bundled OEM variants.
Community discussion across Reddit, Mastodon, and other social sources.