CVE-2006-2043

IP3 Networks NetAccess NA75 - Local Command Injection via Backtick Characters in CLI

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2043. PoCs published by r00t.

AI-analyzed exploit summary This exploit leverages a command injection vulnerability in NetAccess IP3's ping functionality to spawn an interactive shell. The attacker logs in via SSH, selects the ping option, and injects a command to execute a shell.

Description

na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 allows local users to gain Unix shell access via "`" (backtick) characters in the appliance's command line interface (CLI).

Exploits (1)

exploitdb WORKING POC VERIFIED

by r00t · textlocalhardware

https://www.exploit-db.com/exploits/9688

View Code ZIP pw:eip

This exploit leverages a command injection vulnerability in NetAccess IP3's ping functionality to spawn an interactive shell. The attacker logs in via SSH, selects the ping option, and injects a command to execute a shell.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: NetAccess IP3

Auth required

Prerequisites: SSH access to the target device · Valid credentials for any level control panel

MITRE ATT&CK