CVE-2016-6267

HIGH

Trend Micro Smart Protection Server <3.0.1330 - Command Injection


Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-6267: the Metasploit module exploits/linux/http/trendmicro_sps_exec.

AI-analyzed exploit summary: This Metasploit module exploits a command injection vulnerability in Trend Micro Smart Protection Server by injecting commands into the 'spare_Community' parameter of the admin_notification.php endpoint. It requires authentication and uses a cmdstager for payload delivery.

Description

SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) spare_Community, (2) spare_AllowGroupIP, or (3) spare_AllowGroupNetmask parameter to admin_notification.php.

Exploits (1)

metasploit · WORKING POC · EXCELLENT
ruby · poc · linux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/trendmicro_sps_exec.rb

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Trend Micro Smart Protection Server (versions 3.0 < build 1330, 2.6 < build 2106, 2.5 < build 2200)
Auth required
Prerequisites: Valid admin credentials · Network access to the target · SSL enabled on the target
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Technical Description, Third Party Advisory (x_refsource_misc)
https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/
Mitigation, Patch, Vendor Advisory (x_refsource_confirm)
https://success.trendmicro.com/solution/1114913

Scores

CVSS v3: 8.8
EPSS: 0.7252
EPSS Percentile: 98.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-20
Status: published
Products (3)
trendmicro/smart_protection_server 2.5
trendmicro/smart_protection_server 2.6
trendmicro/smart_protection_server 3.0
Published: Jan 30, 2017
Tracked Since: Feb 18, 2026