CVE-2011-2763

LifeSize Room Appliance Software - Remote Code Execution via gateway.php LSRoom_Remoting.doCommand

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2011-2763. PoCs published by Spencer McIntyre, including Metasploit module exploits/unix/http/lifesize_room.

AI-analyzed exploit summary: This Metasploit module exploits a command injection vulnerability in LifeSize Room versions 3.5.3 and 4.7.18 via a malicious AMF-encoded POST request to the `LSRoom_Remoting.doCommand` function. It leverages a PHP session to authenticate and execute arbitrary commands.

Description

The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) and 4.7.18 allows remote attackers to execute arbitrary commands via a modified request to the LSRoom_Remoting.doCommand function in gateway.php.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Spencer McIntyre · ruby · webapps · php
https://www.exploit-db.com/exploits/17743

This Metasploit module exploits a command injection vulnerability in LifeSize Room versions 3.5.3 and 4.7.18 via a malicious AMF-encoded POST request to the `LSRoom_Remoting.doCommand` function. It leverages a PHP session to authenticate and execute arbitrary commands.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: LifeSize Room 3.5.3, 4.7.18
Auth required
Prerequisites: Network access to the target · Valid PHP session
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC EXCELLENT
by Spencer McIntyre · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/http/lifesize_room.rb

This Metasploit module exploits a command injection vulnerability in LifeSize Room versions 3.5.3 and 4.7.18 by leveraging a vulnerable resource to inject OS commands via a crafted AMF request. The exploit establishes a session, validates it, and then sends a malicious POST request to execute the payload.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: LifeSize Room versions 3.5.3 and 4.7.18
No auth needed
Prerequisites: Network access to the target LifeSize Room appliance · Target must be running a vulnerable version of LifeSize Room
devstral-2 · analyzed Feb 16, 2026

References (8)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/69444
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/17743
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8527
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/49330
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/519463/100/0/threaded
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/213486
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8363

Scores

EPSS 0.7073
EPSS Percentile 98.7%

Details

CWE CWE-20
Status published
Products (2)
lifesize/lifesize_room_appliance_software 4.7.18
lifesize/lifesize_room_appliance_software ls_rm1_3.5.3
Published Sep 02, 2011
Tracked Since Feb 18, 2026