CVE-2024-51442

High · RCE

Published: 08 January 2025
Modified: 15 April 2026
KEV Added:
Patch:
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.3905 (97.4th percentile)
Risk Priority: 41 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-51442 is a high-severity Command Injection (CWE-77) vulnerability. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004). The CVE ranks in the top 2.6% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-51442 is a command injection vulnerability present in MiniDLNA versions 1.3.3 and earlier. The issue, tracked as CWE-77, occurs during processing of the minidlna.conf configuration file and permits arbitrary operating system command execution when a malicious file is supplied.

An unauthenticated attacker can leverage the flaw over a network by delivering a specially crafted configuration file that the application then loads. The result is full compromise of confidentiality, integrity, and availability, consistent with the CVSS 8.8 rating, whose vector requires user interaction (UI:R) to trigger.

Public references point to a GitHub repository containing exploit details, a SourceForge bug report, and the project's source repository, but they contain no explicit statements on patches or mitigation steps. The associated EPSS score of 0.3905 shows no material rise from a lower baseline.

Vulnerability details

Command Injection in Minidlna version v1.3.3 and before allows an attacker to execute arbitrary OS commands via a specially crafted minidlna.conf configuration file.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

Command injection via a malicious config file directly enables Unix shell command execution (T1059.004) after a user loads the file (T1204.002).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-27423 (shared CWE-77)
CVE-2025-25743 (shared CWE-77)
CVE-2025-50428 (shared CWE-77)
CVE-2025-59046 (shared CWE-77)
CVE-2026-41500 (shared CWE-77)
CVE-2026-40034 (shared CWE-77)
CVE-2026-23823 (shared CWE-77)
CVE-2026-4048 (shared CWE-77)
CVE-2026-31059 (shared CWE-77)
CVE-2026-22284 (shared CWE-77)

Affected Assets

Minidlna
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates CVE-2024-51442 by identifying, reporting, and applying patches to remediate the command injection flaw in MiniDLNA as referenced in advisories.

prevent

Prevents command injection by enforcing input validation mechanisms at the configuration file parsing points in MiniDLNA.

prevent

Establishes and enforces secure baseline configuration settings for MiniDLNA to avoid deployment of vulnerable or malicious minidlna.conf files.