CVE-2013-2347

HP Storage Data Protector 6.2X - Remote Code Execution via Crafted EXEC_BAR Packet

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2013-2347. PoCs published by Metasploit, Chris Graham, including Metasploit module exploits/windows/misc/hp_dataprotector_exec_bar.

AI-analyzed exploit summary This Metasploit module exploits CVE-2013-2347 in HP Data Protector's Backup Client Service (OmniInet.exe) via the EXEC_BAR operation to achieve remote code execution. It supports both VBScript CMDStager and PowerShell payloads, targeting Windows systems.

Description

The Backup Client Service (OmniInet.exe) in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary commands or cause a denial of service via a crafted EXEC_BAR packet to TCP port 5555, aka ZDI-CAN-1885.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/32164

View Code ZIP pw:eip

This Metasploit module exploits CVE-2013-2347 in HP Data Protector's Backup Client Service (OmniInet.exe) via the EXEC_BAR operation to achieve remote code execution. It supports both VBScript CMDStager and PowerShell payloads, targeting Windows systems.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: HP Data Protector 6.20 build 370

No auth needed

Prerequisites: Network access to port 5555 on the target · Vulnerable version of HP Data Protector installed

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC

by Chris Graham · pythonremotewindows

https://www.exploit-db.com/exploits/31689

View Code ZIP pw:eip

This exploit targets HP Data Protector's omniinet service (port 5555) via a malicious EXEC_BAR packet (opcode 11) to achieve remote command execution. It creates a new Windows administrator account by leveraging the service's argument parser to pass commands to CreateProcessW.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: HP Data Protector 6.10, 6.11, 6.20

No auth needed

Prerequisites: Network access to port 5555 on the target · Vulnerable HP Data Protector version

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/hp_dataprotector_exec_bar.rb

View Code ZIP pw:eip

This Metasploit module exploits a remote code execution vulnerability in HP Data Protector's Backup Client Service (OmniInet.exe) via the EXEC_BAR operation. It supports both VBScript and PowerShell payload delivery methods, targeting Windows systems.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: HP Data Protector 6.20 build 370

No auth needed

Prerequisites: Network access to port 5555 on the target system

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (4)

Core 4

Core References

Broken Link exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/32164

Permissions Required x_refsource_misc

http://ddilabs.blogspot.com/2014/02/fun-with-hp-data-protector-execbar.html

Third Party Advisory x_refsource_misc

http://www.zerodayinitiative.com/advisories/ZDI-14-008/

Vendor Advisory vendor-advisory x_refsource_hp

http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03822422

Scores

EPSS 0.6641

EPSS Percentile 99.2%

Details

Status published

Products (2)

hp/storage_data_protector 6.20 (2 CPE variants)

hp/storage_data_protector 6.21 (5 CPE variants)

Published Jan 04, 2014

Tracked Since Feb 18, 2026