CVE-2017-11567

HIGH

Mongoose Embedded Web Server Library < 6.8 - Cross-Site Request Forgery via __mg_admin?save

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-11567. PoCs published by hyp3rlinx.

AI-analyzed exploit summary This exploit leverages a CSRF vulnerability in Mongoose Web Server to execute arbitrary commands via log file injection and CGI misconfiguration. It demonstrates adding a backdoor user or launching calc.exe through crafted HTTP requests and TELNET interactions.

Description

Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server before 6.9 allows remote attackers to hijack the authentication of users for requests that modify Mongoose.conf via a request to __mg_admin?save. NOTE: this issue can be leveraged to execute arbitrary code remotely.

Exploits (1)

exploitdb WORKING POC

by hyp3rlinx · textremotewindows

https://www.exploit-db.com/exploits/42614

View Code ZIP pw:eip

This exploit leverages a CSRF vulnerability in Mongoose Web Server to execute arbitrary commands via log file injection and CGI misconfiguration. It demonstrates adding a backdoor user or launching calc.exe through crafted HTTP requests and TELNET interactions.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Mongoose Web Server (Free Edition) v6.5

No auth needed

Prerequisites: Victim must visit a malicious page or click a link · CGI interpreter path must be known or set · Mongoose must be running in non-service mode for stable execution

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit x_refsource_misc

http://hyp3rlinx.altervista.org/advisories/MONGOOSE-WEB-SERVER-v6.5-CSRF-COMMAND-EXECUTION.txt

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/42614/

Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2017/Sep/3

Scores

CVSS v3 8.8

EPSS 0.0413

EPSS Percentile 89.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-352

Status published

Products (1)

cesanta/mongoose_embedded_web_server_library < 6.8

Published Sep 07, 2017

Tracked Since Feb 18, 2026