CVE-2017-12945

HIGH

Solstice Pod < 2.8.4 - Authenticated OS Command Injection via Networking Configuration

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2017-12945. PoCs published by Alexandre Teyar, aress31.

AI-analyzed exploit summary This exploit targets a blind OS command injection vulnerability in Mersive Solstice 2.8.0. It leverages the 'saveData' endpoint to inject commands via the 'staticIP' parameter, allowing authenticated remote code execution.

Description

Insufficient validation of user-supplied input for the Solstice Pod before 2.8.4 networking configuration enables authenticated attackers to execute arbitrary commands as root.

Exploits (2)

exploitdb WORKING POC

by Alexandre Teyar · pythonwebappsandroid

https://www.exploit-db.com/exploits/47722

View Code ZIP pw:eip

This exploit targets a blind OS command injection vulnerability in Mersive Solstice 2.8.0. It leverages the 'saveData' endpoint to inject commands via the 'staticIP' parameter, allowing authenticated remote code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Mersive Solstice 2.8.0

Auth required

Prerequisites: Target running Mersive Solstice 2.8.0 · Valid administrator password · Network access to the target

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 4 stars

by aress31 · poc

https://github.com/aress31/cve-2017-12945

View Code ZIP pw:eip

This is a functional exploit for CVE-2017-12945, targeting a blind OS command injection vulnerability in Mersive Solstice Pods. It allows authenticated attackers to execute arbitrary commands with root privileges via crafted HTTP requests to the `/Config/service/saveData` endpoint.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Mersive Solstice Pods < 2.8.4

Auth required

Prerequisites: Network access to the target device · Valid administrator credentials for the Solstice Pod

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Third Party Advisory x_refsource_misc

https://github.com/aress31/cve-2017-12945

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/155494/Mersive-Solstice-2.8.0-Remote-Code-Execution.html

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/47722

Release Notes, Vendor Advisory x_refsource_misc

https://documentation.mersive.com/content/pages/release-notes.htm

Scores

CVSS v3 8.8

EPSS 0.1745

EPSS Percentile 96.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (1)

mersive/solstice_firmware < 2.8.4

Published Nov 27, 2019

Tracked Since Feb 18, 2026