CVE-2018-18852

HIGH EXPLOITED IN THE WILD

Cerio DT-300N 1.1.6-1.1.12 - OS Command Injection via PING Feature

Title source: llm

Exploitation Summary

CVE-2018-18852 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). EIP tracks 2 public exploits from researchers including hook-s3c, andripwn.

AI-analyzed exploit summary This is a Python-based exploit for CVE-2018-18852, targeting CERIO routers with authenticated remote code execution (RCE) via vendor default credentials. The exploit leverages a command injection vulnerability in the router's web interface to execute arbitrary commands as root.

Description

Cerio DT-300N 1.1.6 through 1.1.12 devices allow OS command injection because of improper input validation of the web-interface PING feature's use of Save.cgi to execute a ping command, as exploited in the wild in October 2018.

Exploits (2)

nomisec WORKING POC 46 stars

by hook-s3c · remote

https://github.com/hook-s3c/CVE-2018-18852

View Code ZIP pw:eip

This is a Python-based exploit for CVE-2018-18852, targeting CERIO routers with authenticated remote code execution (RCE) via vendor default credentials. The exploit leverages a command injection vulnerability in the router's web interface to execute arbitrary commands as root.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: CERIO routers (DT300N, DT100G, AMR-3204, WMR-200N) with various firmware versions

Auth required

Prerequisites: Network access to the target router · Valid credentials (default or known)

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1078 - Valid Accounts T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 1 stars

by andripwn · remote

https://github.com/andripwn/CVE-2018-18852

View Code ZIP pw:eip

This is a Python PoC for CVE-2018-18852, an authenticated RCE vulnerability in CERIO routers. It exploits a command injection flaw in the PING CGI endpoint to execute arbitrary commands as root.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: CERIO routers (DT300N, DT100G, AMR-3204, WMR-200N)

Auth required

Prerequisites: Network access to the router · Valid credentials (default or known)

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1210 - Exploitation of Remote Services

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory x_refsource_misc

https://www.fortiguard.com/zeroday/FG-VD-18-149

Scores

CVSS v3 8.8

EPSS 0.7082

EPSS Percentile 98.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2019-06-18

InTheWild.io 2019-06-18

CWE

CWE-78

Status published

Products (1)

cerio/dt-300n_firmware 1.1.6 - 1.1.12

Published Jun 18, 2019

Tracked Since Feb 18, 2026