CVE-2014-2623

EXPLOITED

HP Storage Data Protector 8.x - Remote Code Execution

Title source: llm

Exploitation Summary

CVE-2014-2623 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 4 public exploits from researchers including Metasploit, Juttikhun Khamchaiyaphum, Polunchis, including a Metasploit module exploits/windows/misc/hp_dataprotector_cmd_exec.

AI-analyzed exploit summary This Metasploit module exploits CVE-2014-2623, a remote command execution vulnerability in HP Data Protector 8.10. It sends a crafted request with opcode 28 to the OmniInet service on TCP/5555, executing arbitrary commands via rundll32.exe and a fake SMB server.

Description

Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown vectors.

Exploits (4)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/36304

View Code ZIP pw:eip

This Metasploit module exploits CVE-2014-2623, a remote command execution vulnerability in HP Data Protector 8.10. It sends a crafted request with opcode 28 to the OmniInet service on TCP/5555, executing arbitrary commands via rundll32.exe and a fake SMB server.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: HP Data Protector 8.10

No auth needed

Prerequisites: Network access to TCP/5555 · SMB server setup for payload delivery

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1105 - Ingress Tool Transfer

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Juttikhun Khamchaiyaphum · pythonremotehp-ux

https://www.exploit-db.com/exploits/35961

View Code ZIP pw:eip

This exploit targets a remote command execution vulnerability in HP Data Protector 8.x by sending a crafted packet to a specified port. The payload includes a command injection mechanism that leverages a buffer overflow to execute arbitrary commands on the target system.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: HP Data Protector 8.x

No auth needed

Prerequisites: Network access to the target system · HP Data Protector 8.x running on the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Polunchis · pythonremotewindows

https://www.exploit-db.com/exploits/34066

View Code ZIP pw:eip

This exploit targets HP Data Protector Manager 8.10, allowing remote command execution via a crafted packet sent to TCP port 5555. It includes functionality to either execute arbitrary commands or add a user to the Administrators group.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: HP Data Protector Manager 8.10

No auth needed

Prerequisites: Network access to TCP port 5555 on the target system

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

by Christian Ramirez, Henoch Barrera · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/hp_dataprotector_cmd_exec.rb

View Code ZIP pw:eip

This Metasploit module exploits a remote command execution vulnerability in HP Data Protector 8.10 by sending a crafted request with opcode 28 to the OmniInet service on TCP/5555. It executes arbitrary commands via rundll32.exe and delivers the payload through a fake SMB server.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: HP Data Protector 8.10

No auth needed

Prerequisites: Network access to TCP/5555 on the target · SMB server setup for payload delivery

MITRE ATT&CK