CVE-2013-2571

CRITICAL

hcomm xpient_iris < 3.8 - Remote Code Execution via TCP Port 7510

Title source: llm
Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-2571. PoCs published by Core Security.

AI-analyzed exploit summary: The exploit demonstrates a vulnerability in Xpient POS systems (Iris 3.8) where a crafted message sent to TCP port 7510 triggers the cash drawer to open without authentication. The PoC sends the command '1 1' to the target IP on port 7510, exploiting an input validation error.

Description

Iris 3.8 before build 1548, as used in Xpient point of sale (POS) systems, allows remote attackers to execute arbitrary commands via a crafted request to TCP port 7510, as demonstrated by opening the cash drawer.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Core Security · text · remote · hardware
https://www.exploit-db.com/exploits/25987

Classification: Working PoC 100%
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: Xpient Iris 3.8 build 1052
No auth needed
Prerequisites: Network access to the target POS system · TCP port 7510 accessible
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://www.exploit-db.com/exploits/25987
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securityfocus.com/bid/60359
Third Party Advisory, VDB Entry x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/84761

Scores

CVSS v3 9.8
EPSS 0.6205
EPSS Percentile 98.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-20
Status published
Products (1)
hcomm/xpient_iris < 3.8
Published Jan 28, 2020
Tracked Since Feb 18, 2026