CVE-2014-125118

CRITICAL

eScan Web Management Console <5.5-2 - Command Injection

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2014-125118. PoCs published by Metasploit, Joxean Koret, juan vazquez, including Metasploit module exploits/linux/antivirus/escan_password_exec.

AI-analyzed exploit summary This Metasploit module exploits a command injection vulnerability in eScan Web Management Console by injecting commands into the password field during login. It achieves remote code execution and privilege escalation via the runasroot utility.

Description

A command injection vulnerability exists in the eScan Web Management Console version 5.5-2. The application fails to properly sanitize the 'pass' parameter when processing login requests to login.php, allowing an authenticated attacker with a valid username to inject arbitrary commands via a specially crafted password value. Successful exploitation results in remote code execution. Privilege escalation to root is possible by abusing the runasroot utility with mwconf-level privileges.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubywebappslinux

https://www.exploit-db.com/exploits/32869

View Code ZIP pw:eip

This Metasploit module exploits a command injection vulnerability in eScan Web Management Console by injecting commands into the password field during login. It achieves remote code execution and privilege escalation via the runasroot utility.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: eScan Web Management Console 5.5-2

Auth required

Prerequisites: Valid eScan username · Network access to the eScan Web Management Console

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

by Joxean Koret, juan vazquez · rubypoclinux

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/antivirus/escan_password_exec.rb

View Code ZIP pw:eip

This Metasploit module exploits a command injection vulnerability in eScan Web Management Console (CVE-2014-125118) by injecting commands via the password field during login. It downloads and executes a payload, then escalates privileges using the runasroot utility.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: eScan Web Management Console 5.5-2

Auth required

Prerequisites: Valid username for eScan Web Management Console · Network access to the target · Writable directory on the target

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1068 - Exploitation for Privilege Escalation T1105 - Ingress Tool Transfer

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Various Sources exploit

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/antivirus/escan_password_exec.rb

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/escan-web-management-console-command-injection

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/32869

Scores

CVSS v4 9.4

EPSS 0.0334

EPSS Percentile 87.1%

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-306 CWE-78

Status published

Products (1)

MicroWorld/eScan Web Management Console 5.5-2

Published Jul 25, 2025

Tracked Since Feb 18, 2026