CVE-2017-17867

HIGH

Inteno iopsys 2.0-3.14 and 4.0 - Authenticated Remote Code Execution via odhcpd leasetrigger Field

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-17867. PoCs published by neonsea.

AI-analyzed exploit summary This exploit targets CVE-2017-17867 in OpenWrt's ubus service, leveraging authentication to modify Samba shares and DHCP leasetrigger settings to achieve remote code execution via a malicious script.

Description

Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users to execute arbitrary OS commands by modifying the leasetrigger field in the odhcpd configuration to specify an arbitrary program, as demonstrated by a program located on an SMB share. This issue existed because the /etc/uci-defaults directory was not being used to secure the OpenWrt configuration.

Exploits (1)

exploitdb WORKING POC
by neonsea · pythonremotehardware
https://www.exploit-db.com/exploits/43428

This exploit targets CVE-2017-17867 in OpenWrt's ubus service, leveraging authentication to modify Samba shares and DHCP leasetrigger settings to achieve remote code execution via a malicious script.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: OpenWrt (ubus service)
Auth required
Prerequisites: Network access to the target device · Valid credentials for authentication · SMB service enabled or configurable
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Technical Description, Third Party Advisory x_refsource_misc
https://neonsea.uk/blog/2017/12/23/rce-inteno-iopsys.html
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43428/

Scores

CVSS v3 8.8
EPSS 0.1108
EPSS Percentile 95.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-732
Status published
Products (2)
intenogroup/iopsys 4.0
intenogroup/iopsys 2.0 - 3.14
Published Jan 04, 2018
Tracked Since Feb 18, 2026