CVE-2024-50704
Published: 04 March 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2024-50704 is an unauthenticated remote code execution vulnerability (CWE-94) affecting Uniguest Tripleplay versions prior to 24.2.1. It enables remote attackers to execute arbitrary code through a specially crafted HTTP POST request. The vulnerability carries a maximum CVSS v3.1 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), indicating critical severity due to its network accessibility, lack of prerequisites, and comprehensive impact on confidentiality, integrity, and availability with scope expansion.
Any remote attacker with network access to the affected Uniguest Tripleplay instance can exploit this vulnerability without authentication or user interaction. Successful exploitation allows arbitrary code execution on the target system, potentially leading to full compromise, including data theft, persistence, lateral movement, or disruption of services hosted by the Tripleplay platform.
Uniguest has published mitigation guidance in its CVE bulletins at https://uniguest.com/cve-bulletins/ and a dedicated vulnerability summary PDF at https://uniguest.com/wp-content/uploads/2025/02/CVE-2024-50704-Vulnerability-Summary.pdf. Security practitioners should consult these advisories for patching instructions; the primary remediation is upgrading to Tripleplay version 24.2.1 or later.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unauthenticated RCE in a public-facing application via a crafted HTTP request maps directly to T1190 (Exploit Public-Facing Application) for initial access.