CVE-2017-5671

HIGH

Honeywell Intermec Printers < 10.11.013310 - Local Privilege Escalation via BusyBox Jailbreak

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-5671. PoCs published by Jean-Marie Bourbon.

AI-analyzed exploit summary This exploit leverages a SUID binary (Lua) with excessive permissions to escalate privileges from a low-privileged user (it-admin/admin) to root on Intermec Industrial Printers. The PoC demonstrates reading/writing sensitive files (e.g., /etc/shadow) and bypassing Busybox restrictions.

Description

Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root privileges by overwriting the /etc/shadow file.

Exploits (1)

exploitdb WORKING POC

by Jean-Marie Bourbon · textlocalhardware

https://www.exploit-db.com/exploits/41754

View Code ZIP pw:eip

This exploit leverages a SUID binary (Lua) with excessive permissions to escalate privileges from a low-privileged user (it-admin/admin) to root on Intermec Industrial Printers. The PoC demonstrates reading/writing sensitive files (e.g., /etc/shadow) and bypassing Busybox restrictions.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: Intermec PM43 RFID Industrial Printer (firmware < March 2017)

Auth required

Prerequisites: Access to a shell as 'it-admin' or 'admin' user · Presence of SUID Lua binary (/usr/bin/lua)

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548.001 - Setuid and Setgid

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/41754/

Release Notes x_refsource_confirm

http://apps.intermec.com/downloads/eps_download/Firmware%20Release%20Notes%20x10_11_013310.pdf

Exploit, Patch, Third Party Advisory x_refsource_misc

https://akerva.com/blog/intermec-industrial-printers-local-root-with-busybox-jailbreak/

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/97236

Vendor Advisory x_refsource_confirm

https://github.com/kmkz/exploit/blob/master/CVE-2017-5671-Credits.pdf

Scores

CVSS v3 8.8

EPSS 0.0140

EPSS Percentile 69.1%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-269

Status published

Products (7)

honeywell/intermec_pc23_firmware < 10.10.011406

honeywell/intermec_pc42_firmware < 10.10.011406

honeywell/intermec_pc43_firmware < 10.10.011406

honeywell/intermec_pd43_firmware < 10.10.011406

honeywell/intermec_pm23_firmware < 10.10.011406

honeywell/intermec_pm42_firmware < 10.10.011406

honeywell/intermec_pm43_firmware < 10.10.011406

Published Mar 29, 2017

Tracked Since Feb 18, 2026