CVE-2015-2797

AirTies Air Firmware < 1.0.2.0 - Remote Code Execution via Long Redirect Parameter

Title source: llm

Exploitation Summary

EIP tracks 4 public exploits for CVE-2015-2797. PoCs published by Metasploit, Batuhan Burakcin, Bariskizilkaya, including Metasploit module exploits/linux/http/airties_login_cgi_bof.

AI-analyzed exploit summary: This Metasploit module exploits a buffer overflow vulnerability in Airties routers via a maliciously crafted HTTP POST request to the login CGI with an overly long redirect parameter. It achieves remote code execution by leveraging a cmdstager to deliver a payload, targeting MIPS big-endian architectures.

Description

Stack-based buffer overflow in AirTies Air 6372, 5760, 5750, 5650TT, 5453, 5444TT, 5443, 5442, 5343, 5342, 5341, and 5021 DSL modems with firmware 1.0.2.0 and earlier allows remote attackers to execute arbitrary code via a long string in the redirect parameter to cgi-bin/login.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · hardware
https://www.exploit-db.com/exploits/37170

This Metasploit module exploits a buffer overflow vulnerability in Airties routers via a maliciously crafted HTTP POST request to the login CGI with an overly long redirect parameter. It achieves remote code execution by leveraging a cmdstager to deliver a payload, targeting MIPS big-endian architectures.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Airties routers (e.g., Air5650v3TT_FW_1.0.2.0, Air6372, Air5760, etc.)
No auth needed
Prerequisites: Network access to the vulnerable router · Target router must be running a vulnerable firmware version
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC
by Batuhan Burakcin · python · remote · multiple
https://www.exploit-db.com/exploits/36577

This exploit targets a buffer overflow vulnerability in AIRTIES Air5650v3TT routers, delivering a reverse shell payload. It constructs a malicious HTTP request with shellcode to achieve remote code execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: AIRTIES Air5650v3TT
No auth needed
Prerequisites: Network access to the target device · Knowledge of target IP and listener IP/port
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by Bariskizilkaya · poc
https://github.com/Bariskizilkaya/CVE-2015-2797-PoC

This PoC exploits a buffer overflow vulnerability in the AirTies 5650 router's login CGI by sending an excessively long redirect parameter, leading to a crash or potential code execution. The script uses chroot and qemu-mips-static to emulate the environment for testing.

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: AirTies 5650 router firmware
No auth needed
Prerequisites: Access to the target router's web interface · qemu-mips-static emulator
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC NORMAL
ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/airties_login_cgi_bof.rb

This Metasploit module exploits a buffer overflow vulnerability in Airties routers via a maliciously crafted HTTP POST request to the login CGI with an overly long redirect parameter. It achieves remote code execution by overwriting the return address and leveraging ROP gadgets to call system().

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Airties routers (e.g., Air5650v3TT_FW_1.0.2.0, Air6372, Air5760, etc.)
No auth needed
Prerequisites: Network access to the vulnerable router's web interface · Target device must be running vulnerable firmware
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/75355
Exploit exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/37170/
Exploit exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/36577/
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/show/osvdb/120335

Scores

EPSS: 0.7760
EPSS Percentile: 99.5%

Details

CWE: CWE-119
Status: published
Products (1): airties/air_firmware < 1.0.2.0
Published: Jun 19, 2015
Tracked Since: Feb 18, 2026