CVE-2018-10285

CRITICAL

Ericsson-LG iPECS NMS A.1Ac - Auth Bypass


Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-10285. PoCs published by Berk Cem Göksel.

AI-analyzed exploit summary: This exploit leverages SQL injection (CVE-2018-9245) and incorrect access control (CVE-2018-10285) to dump cleartext database and NMS credentials from Ericsson-LG iPECS NMS. It first bypasses authentication via SQLi, then extracts database credentials, and finally retrieves admin credentials for the NMS.

Description

The Ericsson-LG iPECS NMS A.1Ac web application uses incorrect access control mechanisms. Since the app does not use any sort of session ID, an attacker might bypass authentication.

Exploits (1)

exploitdb WORKING POC
by Berk Cem Göksel · python · webapps · php
https://www.exploit-db.com/exploits/44515

Classification: Working PoC 95%
Attack Type: SQLi | Auth Bypass | Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Ericsson-LG iPECS NMS A.1Ac and possibly earlier
No auth needed
Prerequisites: Network access to the target system · Target system running vulnerable iPECS NMS version
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44515/

Scores

CVSS v3 9.8
EPSS 0.1373
EPSS Percentile 96.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-732
Status published
Products (1)
ericssonlg/ipecs_nms a.1ac
Published Apr 22, 2018
Tracked Since Feb 18, 2026