CVE-2013-0526

IBM Avocent 1754 KVM - Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-0526. PoCs published by Alejandro Alvarez Bravo.

AI-analyzed exploit summary This exploit leverages unsanitized input in the ping.php script of IBM 1754 GCM KVM switches to inject arbitrary commands via the $count and $size parameters, leading to remote command execution as root. The PoC demonstrates adding a backdoor user and enabling telnet access.

Description

ping.php in Global Console Manager 16 (GCM16) and Global Console Manager 32 (GCM32) before 1.20.0.22575 on the IBM Avocent 1754 KVM switch allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) count or (2) size parameter.

Exploits (1)

exploitdb WORKING POC
by Alejandro Alvarez Bravo · textremotehardware
https://www.exploit-db.com/exploits/27706

This exploit leverages unsanitized input in the ping.php script of IBM 1754 GCM KVM switches to inject arbitrary commands via the $count and $size parameters, leading to remote command execution as root. The PoC demonstrates adding a backdoor user and enabling telnet access.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: IBM 1754 GCM KVM switch (v.1.18.0.22011 and older)
Auth required
Prerequisites: Valid session ID (avctSessionId) · Network access to the KVM switch
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/85367

Scores

EPSS 0.0607
EPSS Percentile 92.5%

Details

CWE
CWE-20
Status published
Products (2)
ibm/global_console_manager_16_firmware < 1.18.0.22011
ibm/global_console_manager_32_firmware < 1.18.0.22011
Published Aug 21, 2013
Tracked Since Feb 18, 2026