CVE-2012-10040

CRITICAL

Openfiler 2.x - Authenticated OS Command Injection via system.html Device Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-10040. PoCs were published by Metasploit and bcoles, including the Metasploit module exploits/linux/http/openfiler_networkcard_exec.

AI-analyzed exploit summary: This Metasploit module exploits an authenticated command injection vulnerability in Openfiler v2.x via the 'device' parameter in 'system.html', allowing arbitrary command execution as the 'openfiler' user, which can escalate to root via sudo.

Description

Openfiler v2.x contains a command injection vulnerability in the system.html page. The device parameter is used to instantiate a NetworkCard object, whose constructor in network.inc calls exec() with unsanitized input. An authenticated attacker can exploit this to execute arbitrary commands as the openfiler user. Due to misconfigured sudoers, the openfiler user can escalate privileges to root via sudo /bin/bash without a password.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · linux
https://www.exploit-db.com/exploits/21191

This Metasploit module exploits an authenticated command injection vulnerability in Openfiler v2.x via the 'device' parameter in 'system.html', allowing arbitrary command execution as the 'openfiler' user, which can escalate to root via sudo.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Openfiler v2.x
Auth required
Prerequisites: Valid credentials for Openfiler web interface · Network access to port 446 (SSL)
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC EXCELLENT
by bcoles · ruby · poc · unix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/openfiler_networkcard_exec.rb

This Metasploit module exploits a command injection vulnerability in Openfiler v2.x by leveraging the 'device' parameter in 'system.html' to execute arbitrary commands via the 'NetworkCard' class constructor. The exploit authenticates with provided credentials and sends a crafted payload to achieve remote code execution under the 'openfiler' user context.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Openfiler v2.x
Auth required
Prerequisites: Valid Openfiler credentials · Network access to the Openfiler management interface (port 446)
devstral-2 · analyzed Feb 19, 2026

Scores

CVSS v4: 9.4
CVSS v4 vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
EPSS: 0.7331
EPSS Percentile: 98.8%

CISA SSVC

Source: Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total

Details

CWE: CWE-78
Status: published
Products (2):
- Openfiler/Openfiler 2.0
- Openfiler/Openfiler 2.x
Published: Aug 11, 2025
Tracked Since: Feb 18, 2026