CVE-2013-6785

MEDIUM

Supermicro IPMI < SMT_X9_315 Authenticated Path Traversal via url_redirect.cgi

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-6785. PoCs published by hdm, juan vazquez, including Metasploit module auxiliary/scanner/http/smt_ipmi_url_redirect_traversal.

AI-analyzed exploit summary This Metasploit module exploits a directory traversal vulnerability in Supermicro Onboard IPMI's url_redirect.cgi, allowing authenticated users to read arbitrary files, including credential files. It requires valid credentials and abuses the url_name parameter to traverse directories.

Description

Directory traversal vulnerability in url_redirect.cgi in Supermicro IPMI before SMT_X9_315 allows authenticated attackers to read arbitrary files via the url_name parameter.

Exploits (1)

metasploit WORKING POC
by hdm, juan vazquez · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/smt_ipmi_url_redirect_traversal.rb

This Metasploit module exploits a directory traversal vulnerability in Supermicro Onboard IPMI's url_redirect.cgi, allowing authenticated users to read arbitrary files, including credential files. It requires valid credentials and abuses the url_name parameter to traverse directories.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Supermicro Onboard IPMI (X9SCL/X9SCM) with firmware version SMT_X9_214
Auth required
Prerequisites: Valid credentials for Supermicro Web Interface · Network access to the IPMI web interface
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 4.3
EPSS 0.0436
EPSS Percentile 89.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-22
Status published
Products (1)
supermicro/intelligent_platform_management_interface < smt_x9_315
Published Jan 23, 2020
Tracked Since Feb 18, 2026