CVE-2008-2157

EMC AlphaStor 3.1 SP1 - Remote Code Execution via TCP Port 3500

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-2157. PoCs published by MC, including Metasploit module auxiliary/admin/emc/alphastor_librarymanager_exec.

AI-analyzed exploit summary This Metasploit module exploits a command injection vulnerability in EMC AlphaStor Library Manager by sending a maliciously crafted packet to TCP port 3500. The vulnerability allows arbitrary command execution due to insufficient input sanitization.

Description

robotd in the Library Manager in EMC AlphaStor 3.1 SP1 for Windows allows remote attackers to execute arbitrary commands via an unspecified string field in a packet to TCP port 3500.

Exploits (2)

metasploit WORKING POC
by MC · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/emc/alphastor_librarymanager_exec.rb

This Metasploit module exploits a command injection vulnerability in EMC AlphaStor Library Manager by sending a maliciously crafted packet to TCP port 3500. The vulnerability allows arbitrary command execution due to insufficient input sanitization.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: EMC AlphaStor Library Manager
No auth needed
Prerequisites: Network access to TCP port 3500 on the target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC
by MC · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/emc/alphastor_devicemanager_exec.rb

This Metasploit module exploits a command injection vulnerability in EMC AlphaStor Device Manager by sending a maliciously crafted packet to TCP port 3000. The vulnerability arises from improper input sanitization, allowing arbitrary command execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: EMC AlphaStor Device Manager
No auth needed
Prerequisites: Network access to TCP port 3000 on the target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory third-party-advisory x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=703
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30410
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1020116
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1670
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42671

Scores

EPSS 0.8500
EPSS Percentile 99.4%

Details

CWE
CWE-20
Status published
Products (1)
emc_corporation/alphastor 3.1_sp1
Published May 29, 2008
Tracked Since Feb 18, 2026