CVE-2011-2763

Lifesize Room Appliance Software - Improper Input Validation

Title source: rule

Description

The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) and 4.7.18 allows remote attackers to execute arbitrary commands via a modified request to the LSRoom_Remoting.doCommand function in gateway.php.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Spencer McIntyre · rubywebappsphp

https://www.exploit-db.com/exploits/17743

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by Spencer McIntyre · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/http/lifesize_room.rb

View Code ZIP pw:eip

References (8)

[Exploit] http://www.exploit-db.com/exploits/17743

[US Government Resource] http://www.kb.cert.org/vuls/id/213486

[Exploit] http://www.securestate.com/Documents/LifeSize_Room_Advisory.txt

[Exploit] http://www.securityfocus.com/bid/49330

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/519463/100/0/threaded

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/69444

[Third Party Advisory] http://securityreason.com/securityalert/8363

[Third Party Advisory] http://securityreason.com/securityalert/8527

Scores

EPSS 0.7015

EPSS Percentile 98.7%

Details

CWE

CWE-20

Status published

Products (2)

lifesize/lifesize_room_appliance_software 4.7.18

lifesize/lifesize_room_appliance_software ls_rm1_3.5.3

Published Sep 02, 2011

Tracked Since Feb 18, 2026