CVE-2017-9757

HIGH

IPFire < 2.19 - Authenticated Remote Command Injection via OINKCODE Parameter

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2017-9757. PoCs published by 0x09AL, peterleiva, h00die <[email protected]>, 0x09AL, including Metasploit module exploits/linux/http/ipfire_oinkcode_exec.

AI-analyzed exploit summary This exploit targets a command injection vulnerability in IPFire 2.19's ids.cgi via the OINKCODE parameter, which is passed unsanitized to a system call. It includes a reverse shell payload and requires valid credentials or CSRF to exploit.

Description

IPFire 2.19 has a Remote Command Injection vulnerability in ids.cgi via the OINKCODE parameter, which is mishandled by a shell. This can be exploited directly by authenticated users, or through CSRF.

Exploits (3)

exploitdb WORKING POC VERIFIED

by 0x09AL · pythonwebappslinux

https://www.exploit-db.com/exploits/42149

View Code ZIP pw:eip

This exploit targets a command injection vulnerability in IPFire 2.19's ids.cgi via the OINKCODE parameter, which is passed unsanitized to a system call. It includes a reverse shell payload and requires valid credentials or CSRF to exploit.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: IPFire 2.19 (x86_64) - Core Update 110

Auth required

Prerequisites: Valid credentials for the IPFire web interface · Network access to the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC

by peterleiva · poc

https://github.com/peterleiva/CVE-2017-9757

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in SyncBreeze v10.0.28, delivering shellcode via a crafted HTTP POST request to the login endpoint. The payload includes a return address and NOP sled followed by malicious shellcode.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: SyncBreeze v10.0.28

No auth needed

Prerequisites: Network access to the target · SyncBreeze v10.0.28 running on the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

by h00die <[email protected]>, 0x09AL · rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/ipfire_oinkcode_exec.rb

View Code ZIP pw:eip

This Metasploit module exploits a remote command execution vulnerability in IPFire's ids.cgi via the OINKCODE field, allowing arbitrary command execution through backtick injection. It includes authentication handling and version checking to confirm target vulnerability.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: IPFire < 2.19 Update Core 110

Auth required

Prerequisites: Valid credentials for IPFire web interface · Network access to port 444 (or configured HTTPS port)

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/42149/

Third Party Advisory x_refsource_misc

https://twitter.com/0x09AL/status/873860385652256768

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/99173

Scores

CVSS v3 8.8

EPSS 0.3850

EPSS Percentile 98.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (1)

ipfire/ipfire < 2.19

Published Jun 19, 2017

Tracked Since Feb 18, 2026