meterN Remote Code Execution Vulnerability
Vulnerability
A remote code execution vulnerability has been identified in meterN version 1.2.3. It exists in the admin_meter2.php and admin_indicator2.php scripts, where the 'COMMANDx' and 'LIVECOMMANDx' POST parameters can be exploited to execute arbitrary system commands. Exploitation requires authentication with administrative privileges.
Impact
Exploitation of this vulnerability allows authenticated users to execute arbitrary system commands with administrative rights, potentially leading to unauthorized access or modification of system resources.
Reproduction
To reproduce this vulnerability, send a POST request to either 'admin_meter2.php' or 'admin_indicator2.php' with the 'COMMANDx' or 'LIVECOMMANDx' parameters containing the desired command to execute. This can be done through a crafted HTML form or using a tool like cURL, after logging in as an administrator.
Remediation
Users can upgrade to meterN version 1.2.4.1, which addresses this vulnerability.
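One way to review requests to the two affected scripts for unexpected command values, as an added example that is not part of the original advisory or of meterN's code. It assumes request bodies are available for review (for example from a reverse proxy or WAF audit log), that the trailing "x" in the parameter names is a numeric index, and that the site keeps an allowlist of expected command strings; the paths, the `OTHER1` field and all sample values are constructed.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Script and parameter names come from the advisory; reading the trailing
# "x" as a numeric index is an assumption.
TARGET_SCRIPTS = {"admin_meter2.php", "admin_indicator2.php"}
PARAM_RE = re.compile(r"(LIVE)?COMMAND\d+")

# Assumption: the site keeps a list of command strings it expects to be
# configured. These values are constructed for the example.
EXPECTED_COMMANDS = {"", "read_meter.sh 1 energy", "read_meter.sh 1 power"}


def review_request(method, url, body):
    """Return (param, value) pairs that set a command outside the allowlist."""
    script = urlsplit(url).path.rsplit("/", 1)[-1]
    if method.upper() != "POST" or script not in TARGET_SCRIPTS:
        return []
    # Exact-match comparison: a listed command with anything appended is flagged.
    return [(name, value)
            for name, value in parse_qsl(body, keep_blank_values=True)
            if PARAM_RE.fullmatch(name) and value.strip() not in EXPECTED_COMMANDS]


# Constructed sample records: (method, URL, form-encoded request body)
SAMPLE_REQUESTS = [
    ("POST", "/admin/admin_meter2.php",
     "OTHER1=House&COMMAND1=read_meter.sh+1+energy&LIVECOMMAND1=read_meter.sh+1+power"),
    ("POST", "/admin/admin_indicator2.php", "COMMAND1=unlisted-tool+--arg"),
    ("POST", "/admin/admin_meter2.php",
     "COMMAND2=read_meter.sh+1+energy%3B+echo+test"),
    ("GET", "/admin/admin_meter2.php", ""),
    ("POST", "/index.php", "COMMAND1=not-an-affected-script"),
]


def scan(requests):
    """Run review_request over every record and collect the findings."""
    alerts = []
    for method, url, body in requests:
        for name, value in review_request(method, url, body):
            alerts.append((urlsplit(url).path, name, value))
    return alerts


if __name__ == "__main__":
    for path, name, value in scan(SAMPLE_REQUESTS):
        print(f"ALERT {path}: {name} set to {value!r}")
```

Because the comparison is against whole expected strings rather than a pattern of suspicious characters, any change to a configured command is surfaced for review.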
