Cyber Posture

CVE-2024-57426

High

Published: 06 February 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score: 7.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0011 (28.4th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Description

NetMod VPN Client 5.3.1 is vulnerable to DLL injection, allowing an attacker to execute arbitrary code by placing a malicious DLL in a directory where the application loads dependencies. This vulnerability arises due to the improper validation of dynamically loaded libraries.

Security Summary

CVE-2024-57426 is a DLL injection vulnerability in NetMod VPN Client version 5.3.1. The issue arises from improper validation of dynamically loaded libraries (CWE-427, Uncontrolled Search Path Element): an attacker who can place a malicious DLL in a directory from which the application loads its dependencies gets that DLL loaded in place of the legitimate one, resulting in arbitrary code execution.

The vulnerability has a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). The vector rates it as exploitable over the network with low attack complexity, no required privileges, and no user interaction, and rates the impact of successful exploitation as low for each of confidentiality, integrity, and availability.

Mitigation details are available in the referenced advisories, including the GitHub repository at https://github.com/iamsinghmanish/My-CVEs/tree/main/CVE-2024-57426 and the project page at https://sourceforge.net/projects/netmodhttp/.

Details

CWE(s)
CWE-427

References