CVE-2016-5840

HIGH

Trend Micro Deep Discovery Inspector <3.8 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-5840. PoCs published by korpritzombie.

AI-analyzed exploit summary: This exploit leverages a command injection vulnerability in Trend Micro Threat Discovery Appliance (TDA) 2.6.1062r1 via the hotfix_upload.cgi file. The filename parameter in the multipart form upload is vulnerable to command injection, allowing arbitrary command execution as root.

Description

hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header.

Exploits (1)

exploitdb WORKING POC
by korpritzombie · text · webapps · linux
https://www.exploit-db.com/exploits/40180

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Trend Micro Threat Discovery Appliance 2.6.1062r1
No auth needed
Prerequisites: Network access to the target appliance · Ability to send HTTP POST requests to the target
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-16-373
Third Party Advisory third-party-advisory x_refsource_jvndb
http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000103.html
Third Party Advisory third-party-advisory x_refsource_jvn
http://jvn.jp/en/jp/JVN55428526/index.html
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/40180/

Scores

CVSS v3 7.2
EPSS 0.0777
EPSS Percentile 93.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (3)
trend_micro/deep_discovery_inspector 3.7
trend_micro/deep_discovery_inspector 3.81
trend_micro/deep_discovery_inspector 3.82
Published Jun 30, 2016
Tracked Since Feb 18, 2026