CVE-2017-16522

HIGH

MitraStar GPT-2541GNAC and DSL-100HN-T1 - Authenticated Privilege Escalation via Command Execution

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-16522. PoCs published by j0lama.

AI-analyzed exploit summary: This exploit leverages a misconfigured SSH service on MitraStar routers, allowing command execution via SSH with root privileges by bypassing the default shell. The vulnerability is due to improper SSH configuration, enabling direct shell access.

Description

MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices allow remote authenticated users to obtain root access by specifying /bin/sh as the command to execute.

Exploits (1)

exploitdb WORKING POC
by j0lama · text · remote · hardware
https://www.exploit-db.com/exploits/43061

Classification: Working PoC 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: MitraStar DSL-100HN-T1 (ES_113WJY0b16) and GPT-2541GNAC (1.00(VNJ0)b1)
Auth required
Prerequisites: SSH access to the router · Credentials for user '1234' or 'zyad1234'
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43061/

Scores

CVSS v3 8.8
EPSS 0.0257
EPSS Percentile 83.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-276
Status published
Products (2)
mitrastar/dsl-100hn-t1_firmware es_113wjy0b16
mitrastar/gpt-2541gnac_firmware 1.00\(vnj0\)b1
Published Nov 03, 2017
Tracked Since Feb 18, 2026