CVE-2018-6940

MEDIUM

nat32 - Remote Code Execution via /shell?cmd= XSS and CSRF

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-6940. PoCs published by hyp3rlinx.

AI-analyzed exploit summary This exploit demonstrates remote command execution (RCE) in NAT32 Build 22284 via unauthenticated HTTP requests to the web interface on port 8080. It also includes an XSS-based bypass for environments where basic authentication is enabled.

Description

A /shell?cmd= XSS issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with CSRF.

Exploits (1)

exploitdb WORKING POC
by hyp3rlinx · textwebappswindows
https://www.exploit-db.com/exploits/44033

This exploit demonstrates remote command execution (RCE) in NAT32 Build 22284 via unauthenticated HTTP requests to the web interface on port 8080. It also includes an XSS-based bypass for environments where basic authentication is enabled.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: NAT32 Build 22284
No auth needed
Prerequisites: Network access to port 8080 on the target · NAT32 web interface enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44033/
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/541777/100/0/threaded

Scores

CVSS v3 6.1
EPSS 0.0289
EPSS Percentile 85.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-352 CWE-79
Status published
Products (1)
nat32/nat32 2.2
Published Feb 20, 2018
Tracked Since Feb 18, 2026