CVE-2014-3789

Cogent DataHub < 7.3.5 - Remote Code Execution via GetPermissions.asp

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2014-3789. PoCs published by Metasploit, John Leitch, juan vazquez, including Metasploit module exploits/windows/http/cogent_datahub_command.

AI-analyzed exploit summary This Metasploit module exploits a command injection vulnerability in Cogent DataHub's GetPermissions.asp page, allowing arbitrary command execution via the datahub_command function. It uses a WebDAV server to deliver a payload and achieve remote code execution on Windows systems.

Description

GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary commands via unspecified vectors.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/33880

This Metasploit module exploits a command injection vulnerability in Cogent DataHub's GetPermissions.asp page, allowing arbitrary command execution via the datahub_command function. It uses a WebDAV server to deliver a payload and achieve remote code execution on Windows systems.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Cogent DataHub < 7.3.5
No auth needed
Prerequisites: Network access to the target's web interface · WebDAV service accessible
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC MANUAL
by John Leitch, juan vazquez · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/cogent_datahub_command.rb

This Metasploit module exploits a command injection vulnerability in Cogent DataHub prior to 7.3.5 via the GetPermissions.asp page, allowing arbitrary command execution. It uses a WebDAV server to deliver a payload and achieve remote code execution on Windows systems.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Cogent DataHub < 7.3.5
No auth needed
Prerequisites: Network access to the target · WebDAV service reachable
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Patch, Vendor Advisory x_refsource_confirm
http://cogentdatahub.com/ReleaseNotes.html
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-14-136/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/67486

Scores

EPSS 0.7100
EPSS Percentile 98.7%

Details

CWE
CWE-94
Status published
Products (12)
cogentdatahub/cogent_datahub 7.0
cogentdatahub/cogent_datahub 7.0.2
cogentdatahub/cogent_datahub 7.1.0
cogentdatahub/cogent_datahub 7.1.1
cogentdatahub/cogent_datahub 7.1.1.63
cogentdatahub/cogent_datahub 7.1.2
cogentdatahub/cogent_datahub 7.2.2
cogentdatahub/cogent_datahub 7.3.0
cogentdatahub/cogent_datahub 7.3.1
cogentdatahub/cogent_datahub 7.3.2
... and 2 more
Published May 22, 2014
Tracked Since Feb 18, 2026