CVE-2018-5234

HIGH

Norton Core <v237 - Command Injection

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2018-5234. PoCs published by embedi, saruman9.

AI-analyzed exploit summary This exploit demonstrates a command injection vulnerability in the BLE service of the Norton Core Secure WiFi Router. It leverages Bluetooth Low Energy (BLE) to execute arbitrary commands, such as starting an SSH service, allowing remote access with root privileges.

Description

The Norton Core router prior to v237 may be susceptible to a command injection exploit. This is a type of attack in which the goal is execution of arbitrary commands on the host system via vulnerable software.

Exploits (3)

exploitdb WORKING POC

by embedi · textremotehardware

https://www.exploit-db.com/exploits/44574

View Code ZIP pw:eip

This exploit demonstrates a command injection vulnerability in the BLE service of the Norton Core Secure WiFi Router. It leverages Bluetooth Low Energy (BLE) to execute arbitrary commands, such as starting an SSH service, allowing remote access with root privileges.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Norton Core Secure WiFi Router

No auth needed

Prerequisites: GNU/Linux OS · Bluetooth dongle adapter · BlueZ utility · Python dependencies · Root privileges for Bluetooth operations

MITRE ATT&CK

T1202 - Indirect Command Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 31 stars

by embedi · poc

https://github.com/embedi/ble_norton_core

View Code ZIP pw:eip

This PoC demonstrates a command injection vulnerability in the BLE service of Norton Core Secure WiFi Router (CVE-2018-5234). It exploits the vulnerability to execute arbitrary commands, such as starting an SSH service, via Bluetooth Low Energy (BLE) communication.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Norton Core Secure WiFi Router

No auth needed

Prerequisites: Bluetooth dongle adapter · BlueZ utility · Physical proximity to the target device

MITRE ATT&CK

T1202 - Indirect Command Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC

by saruman9 · poc

https://github.com/saruman9/ble_connect_rust

View Code ZIP pw:eip

This Rust-based PoC exploits CVE-2018-5234 by crafting encrypted BLE (Bluetooth Low Energy) messages to interact with a vulnerable device. It uses AES-CBC encryption with PBKDF2-derived keys and HMAC for authentication, demonstrating the ability to send arbitrary commands to the target.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Unknown BLE device (likely a specific IoT or embedded system)

Auth required

Prerequisites: 6-digit serial number of the target device · ACK_UNLOCK response from the device · BLE connectivity to the target

MITRE ATT&CK

T1210 - Exploitation of Remote Services T1110 - Brute Force

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Vendor Advisory x_refsource_confirm

https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20180430_00

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/44574/

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/103955

Scores

CVSS v3 8.0

EPSS 0.1671

EPSS Percentile 96.6%

Attack Vector ADJACENT_NETWORK

CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Status published

Products (1)

symantec/norton_core_firmware < 237

Published Apr 30, 2018

Tracked Since Feb 18, 2026