Cisco SPA112 2-Port Phone Adapters RCE Exploit

CVE 2023 20126 A Critical RCE Vulnerability In Cisco SPA112 2 Port Phone Adapter

Exploits And POCs

July 26, 2023 / Prapattimynk

Cisco SPA112 2-Port Phone Adapters RCE Exploit

RancidCrisco

Minimum Viable PoC for CVE-2023-20126

This is the initial release. It works, but its the ‘simplest case’ exploit.

Tested and working on SPA112/SPA122 – SPA232D requires a different firmware image.

Gives a root-shell on port 23000/tcp.

I still need to clean up the toolchain used for editing the firmware and will probably put that in a different repo. It is mostly based on the work of @BigNerd95, but with minor alterations to work on the SPA112/122 firmware files.

Download

Upvote0PointsDownvote

0 People voted this article. 0 Upvotes - 0 Downvotes.

CVE-2023-35086 POC

What do you think?

It is nice to know your opinion. Leave a comment.

September 14, 2023

FHR Electric Data Leak

July 8, 2023

Postfix SMTP Smuggling CVE-2023-51764 Exploit

December 27, 2023

WSPCoerce - PoC to coerce authentication from Windows hosts using MS-WSP

July 28, 2023

CVE-2023-20110 Exploit | Cisco Smart Software Manager On-Prem SQL Injection

July 16, 2023

Now Reading: Cisco SPA112 2-Port Phone Adapters RCE Exploit

Cisco SPA112 2-Port Phone Adapters RCE Exploit

Share

CVE-2023-35086 POC

Kernel Exploits Factory

What do you think?

Leave a reply Cancel reply

Craxs Rat V6.7 Working Free Download

FHR Electric Data Leak

Postfix SMTP Smuggling CVE-2023-51764 Exploit

WSPCoerce - PoC to coerce authentication from Windows hosts using MS-WSP

CVE-2023-20110 Exploit | Cisco Smart Software Manager On-Prem SQL Injection

Quick Navigation

Cisco SPA112 2-Port Phone Adapters RCE Exploit