CVE-2015-5082

Endian Firewall < 2.5.1 - Remote Command Execution via Password Change Parameters

Exploitation Summary

EIP tracks 4 public exploits for CVE-2015-5082. PoCs have been published by Metasploit and Ben Lincoln, including the Metasploit module exploits/linux/http/efw_chpasswd_exec.

AI-analyzed exploit summary: This Metasploit module exploits a command injection vulnerability in Endian Firewall's proxy password change CGI script. It allows remote code execution as the 'nobody' user, which has sudo privileges to change the root password.

Description

Endian Firewall before 3.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) NEW_PASSWORD_1 or (2) NEW_PASSWORD_2 parameter to cgi-bin/chpasswd.cgi.

Exploits (4)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · remote · linux
https://www.exploit-db.com/exploits/38096

This Metasploit module exploits a command injection vulnerability in Endian Firewall's proxy password change CGI script. It allows remote code execution as the 'nobody' user, which has sudo privileges to change the root password.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Endian Firewall (versions 1.1 RC5 to 2.2.x, 2.4.1, 2.5.x)
Auth required
Prerequisites: Valid proxy account credentials · Network access to the target system
devstral-2 · analyzed Feb 16, 2026

exploitdb · WORKING POC
by Ben Lincoln · text · remote · cgi
https://www.exploit-db.com/exploits/37428

This Metasploit module exploits a command injection vulnerability in Endian Firewall's proxy password change CGI script, allowing remote code execution as the 'nobody' user, which can escalate to root via sudo permissions.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Endian Firewall < 3.0.0
Auth required
Prerequisites: Valid proxy account credentials · Network access to the target's CGI interface
devstral-2 · analyzed Feb 16, 2026

exploitdb · WORKING POC
by Ben Lincoln · python · remote · cgi
https://www.exploit-db.com/exploits/37426

This exploit leverages a command injection vulnerability in Endian Firewall's proxy user password change CGI script to execute arbitrary commands, resulting in a reverse TCP shell. The exploit constructs a malicious HTTP POST request with a crafted payload in the password fields.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Endian Firewall (version not specified)
Auth required
Prerequisites: Valid proxy username and password · Network access to the target system · Listener set up for reverse shell
devstral-2 · analyzed Feb 16, 2026

metasploit · WORKING POC · EXCELLENT
by Ben Lincoln · ruby · poc · linux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/efw_chpasswd_exec.rb

This Metasploit module exploits a command injection vulnerability in Endian Firewall's chpasswd.cgi script, allowing remote code execution as the 'nobody' user, which has sudo privileges to change the root password. The exploit leverages multipart form data to inject commands into the password change fields.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Endian Firewall Community (versions 1.1 RC5 to 2.2.x, 2.4.1, 2.5.x)
Auth required
Prerequisites: Valid proxy account credentials · Access to the chpasswd.cgi endpoint
devstral-2 · analyzed Feb 19, 2026

References (5)

Core References
Exploit exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/37428/
Exploit exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/38096/
Exploit exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/37426/

Scores

EPSS: 0.6991
EPSS Percentile: 99.3%

Details

CWE: CWE-77
Status: published
Products (1): endian_firewall/endian_firewall < 2.5.1
Published: Sep 28, 2015
Tracked Since: Feb 18, 2026