CVE-2024-53275

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Dec 23, 2024

Updated: Dec 24, 2024

CWE ID 350

Summary

CVE-2024-53275 is a vulnerability affecting Home-Gallery.org, a self-hosted open-source photo and video gallery platform. In versions 1.15.0 and older, the software is vulnerable to DNS rebinding attacks due to its default setup, which lacks both TLS and user authentication. In such an attack, an attacker could ask a user to visit their malicious website. After the user's visit, the attacker alters the DNS records of their domain, changing it to the internal IP address of the home-gallery instance. By identifying potential IP addresses through this method, an attacker can launch their attack, extracting home-gallery photos from the vulnerable instance, as the response comes from the home-gallery server, not the attacker's website.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

Home > Gallery

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners