CVE-2019-25671

HIGH

VA MAX 8.3.4 Remote Code Execution via changeip.php

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25671. PoCs published by Cody Sixteen.

AI-analyzed exploit summary This Python script exploits a post-authentication remote code execution vulnerability in VA MAX 8.3.4 by injecting a malicious payload into the 'mtu_eth0' parameter of the changeip.php endpoint. The payload decodes a base64-encoded reverse shell command, granting the attacker a shell as the 'apache' user, which can then escalate to root via sudo misconfiguration.

Description

VA MAX 8.3.4 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters into the mtu_eth0 parameter. Attackers can send POST requests to the changeip.php endpoint with malicious payload in the mtu_eth0 field to execute commands as the apache user.

Exploits (1)

exploitdb WORKING POC

by Cody Sixteen · pythonwebappsphp

https://www.exploit-db.com/exploits/46348

View Code ZIP pw:eip

This Python script exploits a post-authentication remote code execution vulnerability in VA MAX 8.3.4 by injecting a malicious payload into the 'mtu_eth0' parameter of the changeip.php endpoint. The payload decodes a base64-encoded reverse shell command, granting the attacker a shell as the 'apache' user, which can then escalate to root via sudo misconfiguration.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: VA MAX 8.3.4

Auth required

Prerequisites: Valid credentials for the 'loadbalancer' user · Network access to the target on port 9080

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Apr 07, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit exploit

ExploitDB-46348

https://www.exploit-db.com/exploits/46348

Third Party Advisory third-party-advisory

VulnCheck Advisory: VA MAX 8.3.4 Remote Code Execution via changeip.php

https://www.vulncheck.com/advisories/va-max-remote-code-execution-via-changeip-php

Scores

CVSS v3 8.8

EPSS 0.0066

EPSS Percentile 46.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-22

Status published

Products (1)

VA MAX/VA MAX 8.3.4

Published Apr 05, 2026

Tracked Since Apr 06, 2026