CVE-2024-10965: emqx neuron JSON File schema information disclosure

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-10965

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

emqx neuron JSON File schema information disclosure

Source: NVD (National Vulnerability Database)

Vulnerability Description

A vulnerability classified as problematic was found in emqx neuron up to 2.10.0. Affected by this vulnerability is an unknown functionality of the file /api/v2/schema of the component JSON File Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The patch is named c9ce39747e0372aaa2157b2b56174914a12c06d8. It is recommended to apply a patch to fix this issue.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

信息暴露

Source: NVD (National Vulnerability Database)

Vulnerability Title

Neuron 访问控制错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Neuron是EMQ开源的一款工业物联网（IIoT）连接服务器。用于现代大数据和 AI/ML 技术，以利用工业 4.0 的力量。 Neuron 2.10.0版本及之前版本存在访问控制错误漏洞，该漏洞源于JSON File Handler组件的/api/v2/schema文件中包含一个信息泄露问题。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
emqx	neuron	2.0	-

II. Public POCs for CVE-2024-10965

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-10965

Please Login to view more intelligence information

IV. Related Vulnerabilities

Same product: neuron

CVE-2024-10964
emqx neuron plugin_handle.c handle_add_plugin buffer overflo

Same vendor: emqx

Same weakness: CWE-200

V. Comments for CVE-2024-10965

Anonymous User

2025-12-17 09:22:24

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2024-10965

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-10965

III. Intelligence Information for CVE-2024-10965

IV. Related Vulnerabilities

V. Comments for CVE-2024-10965

Anonymous User

Leave a comment