CVE-2018-14529

HIGH

Invoxia NVX220 Firmware - Unauthenticated Exposure of Sensitive Information via CLI Escape

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-14529. PoCs published by r3dlight.

AI-analyzed exploit summary The repository provides a detailed technical walkthrough of CVE-2018-14529, demonstrating how to exploit a vulnerability in a SIP device to achieve remote command execution. It includes screenshots and step-by-step instructions for reading credentials, executing commands via 'pconf', and uploading shellcodes.

Description

Invoxia NVX220 devices allow access to /bin/sh via escape from a restricted CLI, leading to disclosure of password hashes.

Exploits (1)

gitlab WRITEUP

by r3dlight · poc

https://gitlab.com/r3dlight/CVE-2018-14529

View Code ZIP pw:eip

The repository provides a detailed technical walkthrough of CVE-2018-14529, demonstrating how to exploit a vulnerability in a SIP device to achieve remote command execution. It includes screenshots and step-by-step instructions for reading credentials, executing commands via 'pconf', and uploading shellcodes.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: SIP device (specific version not mentioned)

No auth needed

Prerequisites: Access to the target device's CLI or web interface

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 23, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory x_refsource_misc

https://gitlab.com/r3dlight/CVE-2018-14529

Scores

CVSS v3 7.5

EPSS 0.0154

EPSS Percentile 71.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-200

Status published

Products (1)

invoxia/nvx220_firmware

Published Jul 05, 2019

Tracked Since Feb 18, 2026