CVE-2019-3980

CRITICAL EXPLOITED

Solarwinds Dameware Mini Remote Control 12.1.0.89 - Unauthenticated Remote Code Execution via Smart Card Authentication

Title source: llm

Exploitation Summary

CVE-2019-3980 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 4 public exploits from researchers including warferik, Barbarisch, and CyberQuestor-infosec.

AI-analyzed exploit summary: This PoC exploits CVE-2019-3980 in Dameware Remote Support to achieve remote code execution by uploading and executing a custom C# executable via a Python script that handles communication and command execution.

Description

The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication, which can allow a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can request smart card login, then upload and execute an arbitrary executable that runs under the Local System account.

Exploits (4)

nomisec WORKING POC 18 stars
by warferik · remote-auth
https://github.com/warferik/CVE-2019-3980

This PoC exploits CVE-2019-3980 in Dameware Remote Support to achieve remote code execution by uploading and executing a custom C# executable via a Python script that handles communication and command execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: Dameware Remote Support (DWRCS.exe)
No auth needed
Prerequisites: Network access to target on port 6129 · Custom C# executable compiled and configured with attacker IP/port
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 2 stars
by Barbarisch · remote
https://github.com/Barbarisch/CVE-2019-3980

This repository contains a C++ PoC exploit for CVE-2019-3980, a vulnerability in SolarWinds Dameware Remote Support. The exploit leverages a modified OpenSSL library to perform a Diffie-Hellman key exchange with weakened parameters, enabling remote code execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: SolarWinds Dameware Remote Support
No auth needed
Prerequisites: Network access to target · OpenSSL libraries with weakened DH parameters
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 1 star
by CyberQuestor-infosec · remote
https://github.com/CyberQuestor-infosec/CVE-2019-3980-Open_Net_Admin_v18.1.1_RCE

This repository contains a functional proof-of-concept exploit for CVE-2019-3980, targeting OpenNetAdmin v18.1.1. The exploit leverages command injection via the `xajaxargs[]` parameter to achieve unauthenticated remote code execution, delivering a reverse shell.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: OpenNetAdmin 18.1.1
No auth needed
Prerequisites: Target running OpenNetAdmin 18.1.1 · Network access to the target · Attacker-controlled listener for reverse shell
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by boydhacks · remote
https://github.com/boydhacks/dameflare

This repository contains a functional Python exploit for CVE-2019-3980, an unauthenticated RCE vulnerability in SolarWinds Dameware MRC. The exploit implements the full protocol handshake to bypass smart card authentication and execute arbitrary payloads as SYSTEM.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: SolarWinds Dameware MRC 12.0.x (before HF1), 12.1.x (before HF3)
No auth needed
Prerequisites: Network access to TCP/6129 · Vulnerable version of Dameware MRC
devstral-2 · analyzed Mar 06, 2026

References (2)

Core References
Exploit, Third Party Advisory (x_refsource_misc): https://www.tenable.com/security/research/tra-227-43
Third Party Advisory (x_refsource_misc): https://www.tenable.com/security/research/tra-2019-43

Scores

CVSS v3 9.8
EPSS 0.0518
EPSS Percentile 91.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2025-01-28
CWE CWE-346
Status published
Products (1)
solarwinds/dameware_mini_remote_control 12.1.0.89
Published Oct 08, 2019
Tracked Since Feb 18, 2026