CVE-2018-1207

CRITICAL EXPLOITED NUCLEI

Dell EMC iDRAC7/iDRAC8 < 2.52.52.52 - Unauthenticated Remote Code Execution via CGI Injection

Title source: llm

Exploitation Summary

CVE-2018-1207 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 4 public exploits from researchers including Photubias, mgargiullo, theinkbit. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit targets CVE-2018-1207, an unauthenticated file upload vulnerability in Dell EMC iDRAC7/iDRAC8. It includes a checker and an exploit to add a webadmin user via a precompiled payload.

Description

Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code.

Exploits (4)

exploitdb WORKING POC

by Photubias · pythonremotehardware

https://www.exploit-db.com/exploits/52246

View Code ZIP pw:eip

This exploit targets CVE-2018-1207, an unauthenticated file upload vulnerability in Dell EMC iDRAC7/iDRAC8. It includes a checker and an exploit to add a webadmin user via a precompiled payload.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Dell EMC iDRAC7/iDRAC8 < 2.52.52.52

No auth needed

Prerequisites: Network access to the target iDRAC interface · Python 3 with requests library

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505.003 - Web Shell

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 16 stars

by mgargiullo · remote

https://github.com/mgargiullo/cve-2018-1207

View Code ZIP pw:eip

This exploit targets a CGI injection vulnerability in Dell EMC iDRAC7/iDRAC8 firmware versions prior to 2.52.52.52 (CVE-2018-1207). It generates a shared object payload using a cross-compiler, uploads it to the vulnerable device, and triggers execution via LD_PRELOAD to achieve remote code execution as root.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Dell EMC iDRAC7/iDRAC8 firmware < 2.52.52.52

No auth needed

Prerequisites: sh4-linux-gnu-gcc-11 · network access to target iDRAC · listener setup for reverse shell

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC

by theinkbit · poc

https://github.com/theinkbit/CVE-2018-1207

View Code ZIP pw:eip

This repository contains a functional Python exploit for CVE-2018-1207, targeting Dell iDRAC7/iDRAC8 devices with firmware versions prior to 2.52.52.52. The exploit leverages LD_PRELOAD to execute a reverse shell payload as root by uploading a malicious shared object file.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Dell iDRAC7/iDRAC8 (firmware < 2.52.52.52)

No auth needed

Prerequisites: Python 3 · requests module · sh4-linux-gnu-gcc cross-compiler · netcat

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Mar 23, 2026 Full analysis →

nomisec WORKING POC

by hironull · remote

https://github.com/hironull/CVE-2018-1207-better

View Code ZIP pw:eip

This repository contains a functional Python exploit for CVE-2018-1207, targeting Dell iDRAC7/iDRAC8 devices with firmware versions below 2.52.52.52. The exploit achieves remote code execution (RCE) as root by leveraging LD_PRELOAD to load a malicious shared object file, resulting in a reverse shell.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Dell iDRAC7/iDRAC8 (firmware < 2.52.52.52)

No auth needed

Prerequisites: Python3 · requests module · SH4 C Cross-Compiler (gcc-sh4-linux-gnu) · Netcat listener for reverse shell

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Dell iDRAC7/8 Devices - Remote Code Injection

CRITICALby dwisiswant0

References (3)

Core 3

Core References

Vendor Advisory x_refsource_misc

http://en.community.dell.com/techcenter/extras/m/white_papers/20485410

Third Party Advisory x_refsource_misc

https://twitter.com/nicowaisman/status/977279766792466432

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/103694

Scores

CVSS v3 9.8

EPSS 0.9079

EPSS Percentile 99.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2024-04-15

CWE

CWE-94

Status published

Products (2)

dell/emc_idrac7 < 2.52.52.52

dell/emc_idrac8 < 2.52.52.52

Published Mar 23, 2018

Tracked Since Feb 18, 2026