CVE-2015-4624

HIGH

Hak5 WiFi Pineapple 2.0-2.3 - Predictable CSRF Token

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2015-4624. PoCs published by Metasploit, catatonicprime, including Metasploit module exploits/linux/http/pineapple_bypass_cmdinject.

AI-analyzed exploit summary This Metasploit module exploits a command injection vulnerability in Hak5 WiFi Pineapple devices (versions 2.0 to < 2.4) by leveraging default credentials or brute-forcing the proof-of-ownership challenge to reset the password. It then injects commands via a vulnerable endpoint to achieve remote code execution.

Description

Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotelinux
https://www.exploit-db.com/exploits/40609

This Metasploit module exploits a command injection vulnerability in Hak5 WiFi Pineapple devices (versions 2.0 to < 2.4) by leveraging default credentials or brute-forcing the proof-of-ownership challenge to reset the password. It then injects commands via a vulnerable endpoint to achieve remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Hak5 WiFi Pineapple 2.0.0 - 2.3.0
Auth required
Prerequisites: Network access to the target device · Default credentials or ability to brute-force the proof-of-ownership challenge
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by catatonicprime · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/pineapple_bypass_cmdinject.rb

This Metasploit module exploits a command injection vulnerability in Hak5 WiFi Pineapple devices (versions 2.0.0 to 2.3.0) by bypassing login/CSRF checks. It sends a crafted POST request to execute arbitrary commands via the 'commands' parameter.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Hak5 WiFi Pineapple 2.0.0 - 2.3.0
No auth needed
Prerequisites: Network access to the target device · Target device running vulnerable firmware
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by catatonicprime · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/pineapple_preconfig_cmdinject.rb

This Metasploit module exploits a command injection vulnerability in Hak5 WiFi Pineapple devices (versions 2.0 to 2.3.0) by leveraging default credentials and a weak anti-CSRF token mechanism. It includes brute-force capabilities for the proof-of-ownership challenge to reset the password if default credentials fail.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Hak5 WiFi Pineapple 2.0.0 - 2.3.0
Auth required
Prerequisites: Network access to the target device · Default credentials or brute-force capability for password reset
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/40609/
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/133052/WiFi-Pineapple-Predictable-CSRF-Token.html
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/536184/100/500/threaded

Scores

CVSS v3 7.5
EPSS 0.3695
EPSS Percentile 98.3%
Attack Vector ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-284
Status published
Products (4)
hak5/wi-fi_pineapple_firmware 2.0
hak5/wi-fi_pineapple_firmware 2.1
hak5/wi-fi_pineapple_firmware 2.2
hak5/wi-fi_pineapple_firmware 2.3
Published Mar 31, 2017
Tracked Since Feb 18, 2026