CVE-2014-0358

Xangati XSR <11 - Xangati XNR <7 - Path Traversal


Exploitation Summary

EIP tracks 3 public exploits for CVE-2014-0358. PoCs published by Jan Kadijk.

AI-analyzed exploit summary: This exploit demonstrates a directory traversal vulnerability in Xangati XSR and XNR devices. It uses crafted POST requests with '../' sequences to access arbitrary files, such as '/etc/shadow'. The vulnerability allows unauthorized file access due to improper path sanitization.

Description

Multiple directory traversal vulnerabilities in Xangati XSR before 11 and XNR before 7 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the file parameter in a getUpgradeStatus action to servlet/MGConfigData, (2) the download parameter in a download action to servlet/MGConfigData, (3) the download parameter in a port_svc action to servlet/MGConfigData, (4) the file parameter in a getfile action to servlet/Installer, or (5) the binfile parameter to servlet/MGConfigData.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Jan Kadijk · text · webapps · jsp
https://www.exploit-db.com/exploits/39142

This exploit demonstrates a directory traversal vulnerability in Xangati XSR and XNR devices. It uses crafted POST requests with '../' sequences to access arbitrary files, such as '/etc/shadow'. The vulnerability allows unauthorized file access due to improper path sanitization.

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Xangati XSR prior to 11, XNR prior to 7
Auth required
Prerequisites: Network access to the target device · Valid authentication key
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Jan Kadijk · text · webapps · jsp
https://www.exploit-db.com/exploits/39143

This exploit demonstrates a directory traversal vulnerability in Xangati XSR and XNR devices. It uses a crafted POST request to access arbitrary files, such as /etc/shadow, by manipulating the 'file' parameter with '../' sequences.

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Xangati XSR prior to 11 and XNR prior to 7
Auth required
Prerequisites: valid key for authentication · network access to the target device
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Jan Kadijk · text · webapps · cgi
https://www.exploit-db.com/exploits/39145

This exploit leverages a command injection vulnerability in Xangati XSR and XNR by sending a maliciously crafted POST request to the '/servlet/Installer' endpoint. The 'params' field is manipulated to inject arbitrary commands, demonstrated here by reading '/etc/shadow'.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Xangati XSR prior to 11, XNR prior to 7
Auth required
Prerequisites: valid key for authentication · network access to the target
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
http://www.kb.cert.org/vuls/id/657622 (US Government Resource, third-party-advisory, x_refsource_cert-vn)

Scores

EPSS 0.0611
EPSS Percentile 92.5%

Details

CWE: CWE-22
Status: published
Products (2): xangati/xangati_software_release, xangati/xangati_xnr
Published: Apr 15, 2014
Tracked Since: Feb 18, 2026