CVE-2017-11322

HIGH

UCOPIA Wireless Appliance < 5.1.7 - OS Command Injection via chroothole_client Argument

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2017-11322. PoCs published by Sysdream, tnpitsecurity.

AI-analyzed exploit summary The exploit demonstrates a local privilege escalation (LPE) via command injection in the `chroothole_client` binary, allowing an attacker to escape the chroot and gain root access by injecting a reverse shell command.

Description

The chroothole_client executable in UCOPIA Wireless Appliance before 5.1.8 allows remote attackers to gain root privileges via a dollar sign ($) metacharacter in the argument to chroothole_client.

Exploits (2)

exploitdb WORKING POC

by Sysdream · locallinux

https://www.exploit-db.com/exploits/42936

View Code ZIP pw:eip

The exploit demonstrates a local privilege escalation (LPE) via command injection in the `chroothole_client` binary, allowing an attacker to escape the chroot and gain root access by injecting a reverse shell command.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: UCOPIA Wireless Appliance < 5.1.8

Auth required

Prerequisites: Local access to the UCOPIA Wireless Appliance · Presence of the vulnerable `chroothole_client` binary

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

github WORKING POC 4 stars

by tnpitsecurity · poc

https://github.com/tnpitsecurity/CVEs/tree/master/CVE-2017-11322

View Code ZIP pw:eip

The repository provides a functional proof-of-concept for CVE-2017-11322, demonstrating a chroot escape and privilege escalation vulnerability in UCOPIA Wireless Appliance versions prior to 5.1.8. The exploit leverages improper command sanitization in the 'chroothole_client' binary to execute arbitrary commands as root.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: UCOPIA Wireless Appliance < 5.1.8

Auth required

Prerequisites: local access to the appliance · presence of 'chroothole_client' binary · netcat or similar tool for reverse shell

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548 - Abuse Elevation Control Mechanism

devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory x_refsource_misc

https://sysdream.com/news/lab/2017-09-29-cve-2017-11322-ucopia-wireless-appliance-5-1-8-privileges-escalation/

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/42936/

Scores

CVSS v3 8.2

EPSS 0.0472

EPSS Percentile 90.7%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (1)

ucopia/ucopia_wireless_appliance < 5.1.7

Published Oct 03, 2017

Tracked Since Feb 18, 2026