CVE-2018-15138

HIGH EXPLOITED NUCLEI

Ericsson-LG iPECS NMS 30M - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2018-15138 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Safak Aslan. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in LG-Ericsson iPECS NMS 30M, allowing unauthorized access to sensitive files like /etc/passwd via crafted GET requests. The PoC provides clear examples of manipulating the 'filename' and 'filepath' parameters to traverse directories.

Description

Ericsson-LG iPECS NMS 30M allows directory traversal via ipecs-cm/download?filename=../ URIs.

Exploits (1)

exploitdb WORKING POC
by Safak Aslan · textwebappslinux
https://www.exploit-db.com/exploits/45167

This exploit demonstrates a directory traversal vulnerability in LG-Ericsson iPECS NMS 30M, allowing unauthorized access to sensitive files like /etc/passwd via crafted GET requests. The PoC provides clear examples of manipulating the 'filename' and 'filepath' parameters to traverse directories.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: LG-Ericsson iPECS NMS 30M-B.2Ia and 30M-2.3Gn
No auth needed
Prerequisites: Network access to the target system · Vulnerable version of iPECS NMS 30M
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

LG-Ericsson iPECS NMS 30M - Local File Inclusion
HIGHby 0x_Akoko

References (1)

Core 1
Core References
Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/45167/

Scores

CVSS v3 7.5
EPSS 0.1285
EPSS Percentile 95.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2023-11-26
CWE
CWE-22
Status published
Products (2)
ericssonlg/ipecs_nms 30m-2.3gn
ericssonlg/ipecs_nms 30m-b.2ia
Published Aug 15, 2018
Tracked Since Feb 18, 2026