CVE-2012-10041

CRITICAL

WAN Emulator 2.3 - Unauthenticated OS Command Injection via result.php pc Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-10041. PoCs published by Metasploit, bcoles, including Metasploit module exploits/linux/http/wanem_exec.

AI-analyzed exploit summary This Metasploit module exploits a command execution vulnerability in WAN Emulator v2.3 via the 'result.php' script, allowing unauthenticated RCE as 'www-data' and privilege escalation to root via the 'dosu' binary.

Description

WAN Emulator v2.3 contains two unauthenticated command execution vulnerabilities. The result.php script calls shell_exec() with unsanitized input from the pc POST parameter, allowing remote attackers to execute arbitrary commands as the www-data user. The system also includes a SUID-root binary named dosu, which is vulnerable to command injection via its first argument. An attacker can exploit both flaws in sequence to achieve full remote code execution and escalate privileges to root.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotelinux

https://www.exploit-db.com/exploits/21190

View Code ZIP pw:eip

This Metasploit module exploits a command execution vulnerability in WAN Emulator v2.3 via the 'result.php' script, allowing unauthenticated RCE as 'www-data' and privilege escalation to root via the 'dosu' binary.

Classification

Working Poc 100%

Attack Type

Rce | Lpe

Complexity

Trivial

Reliability

Reliable

Target: WAN Emulator v2.3

No auth needed

Prerequisites: Network access to the target · WAN Emulator v2.3 running

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

by bcoles · rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/wanem_exec.rb

View Code ZIP pw:eip

This Metasploit module exploits a command execution vulnerability in WAN Emulator v2.3 via the 'result.php' script, which calls shell_exec() with user-controlled data from the 'pc' parameter. It also leverages a suid binary 'dosu' for privilege escalation to root.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: WAN Emulator v2.3

No auth needed

Prerequisites: Network access to the target · WAN Emulator v2.3 running on the target

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Various Sources exploit

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/wanem_exec.rb

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/21190

Product product

https://sourceforge.net/projects/wanem/

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/wan-emulator-command-execution

Scores

CVSS v4 9.3

EPSS 0.0292

EPSS Percentile 85.2%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-78

Status published

Products (1)

WAN Emulator/WAN Emulator 2.3

Published Aug 08, 2025

Tracked Since Feb 18, 2026