CVE-2014-2849

Sophos Web Appliance Firmware < 3.8.2 - Authenticated Admin Password Change

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2014-2849. PoCs published by Metasploit, including Metasploit module exploits/linux/http/sophos_wpa_iface_exec.

AI-analyzed exploit summary This Metasploit module exploits CVE-2024-2850 by chaining a mass assignment vulnerability to change the admin password and a command injection flaw in the network interface configuration to achieve remote code execution as root on Sophos Web Protection Appliance.

Description

The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremoteunix
https://www.exploit-db.com/exploits/32789

This Metasploit module exploits CVE-2024-2850 by chaining a mass assignment vulnerability to change the admin password and a command injection flaw in the network interface configuration to achieve remote code execution as root on Sophos Web Protection Appliance.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Sophos Web Protection Appliance 3.8.1.1
Auth required
Prerequisites: Valid credentials for an authenticated user · Network access to the target appliance
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/sophos_wpa_iface_exec.rb

This Metasploit module exploits two vulnerabilities in Sophos Web Protection Appliance: a mass assignment flaw to change the admin password and a command injection in the network interface configuration. It achieves authenticated RCE as root.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Sophos Web Protection Appliance 3.8.1.1
Auth required
Prerequisites: Valid non-admin credentials · Network access to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/66734
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/32789
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/57706
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-14-069/

Scores

EPSS 0.6093
EPSS Percentile 99.0%

Details

CWE
CWE-264
Status published
Products (50)
sophos/web_appliance
sophos/web_appliance_firmware 3.7.8
sophos/web_appliance_firmware 3.0.0
sophos/web_appliance_firmware 3.0.1
sophos/web_appliance_firmware 3.0.1.1
sophos/web_appliance_firmware 3.0.2
sophos/web_appliance_firmware 3.0.3
sophos/web_appliance_firmware 3.0.4
sophos/web_appliance_firmware 3.0.5
sophos/web_appliance_firmware 3.0.5.1
... and 40 more
Published Apr 11, 2014
Tracked Since Feb 18, 2026