CVE-2017-14702

CRITICAL

ERS Data System <1.8.1.0 - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-14702. PoCs published by West Shepherd.

AI-analyzed exploit summary This exploit leverages a deserialization vulnerability in ERS Data System 1.8.1.0 by serving a malicious serialized payload via a rogue server, leading to remote code execution when the victim's client connects.

Description

ERS Data System 1.8.1.0 allows remote attackers to execute arbitrary code, related to "com.branaghgroup.ecers.update.UpdateRequest" object deserialization.

Exploits (1)

exploitdb WORKING POC

by West Shepherd · pythonremotewindows

https://www.exploit-db.com/exploits/42952

View Code ZIP pw:eip

This exploit leverages a deserialization vulnerability in ERS Data System 1.8.1.0 by serving a malicious serialized payload via a rogue server, leading to remote code execution when the victim's client connects.

Classification

Working Poc 95%

Attack Type

Deserialization

Complexity

Moderate

Reliability

Reliable

Target: ERS Data System 1.8.1.0

No auth needed

Prerequisites: Network access to the victim's machine · Ability to intercept/spoof DNS or redirect traffic to the attacker's server

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/42952/

Exploit, Third Party Advisory x_refsource_misc

https://github.com/wshepherd0010/advisories/blob/master/CVE-2017-14702.md

View Exploit ZIP pw:eip

Scores

CVSS v3 9.8

EPSS 0.0830

EPSS Percentile 94.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-502

Status published

Products (1)

branaghgroup/ers_data_system 1.8.1.0

Published Sep 30, 2017

Tracked Since Feb 18, 2026