CVE-2019-6814

CRITICAL EXPLOITED

NET55XX Encoder Firmware < 2.1.9.7 - Improper Authentication

Title source: llm

Exploitation Summary

CVE-2019-6814 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including Metasploit, Lucas Dinucci <[email protected]>, Vitor Esperança <[email protected]>, including a Metasploit module exploits/unix/http/schneider_electric_net55xx_encoder.

AI-analyzed exploit summary This Metasploit module exploits inadequate access controls in Schneider Electric Pelco Endura NET55XX Encoder devices to enable SSH and change the root password. It leverages a SOAP-based discovery mechanism to identify vulnerable devices and then sends a crafted HTTP request to modify credentials.

Description

A CWE-287: Improper Authentication vulnerability exists in the NET55XX Encoder with firmware prior to version 2.1.9.7 which could cause impact to confidentiality, integrity, and availability when a remote attacker crafts a malicious request to the encoder webUI.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremoteunix

https://www.exploit-db.com/exploits/47186

View Code ZIP pw:eip

This Metasploit module exploits inadequate access controls in Schneider Electric Pelco Endura NET55XX Encoder devices to enable SSH and change the root password. It leverages a SOAP-based discovery mechanism to identify vulnerable devices and then sends a crafted HTTP request to modify credentials.

Classification

Working Poc 100%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: Schneider Electric Pelco Endura NET55XX Encoder (NET5501, NET5501-I, NET5501-XT, NET5504, NET5500, NET5516, NET5508)

No auth needed

Prerequisites: Network access to the target device · UDP port 3702 accessible for discovery · HTTP access to the web interface

MITRE ATT&CK

T1110 - Brute Force T1078 - Valid Accounts

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

by Lucas Dinucci <[email protected]>, Vitor Esperança <[email protected]> · rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/http/schneider_electric_net55xx_encoder.rb

View Code ZIP pw:eip

This Metasploit module exploits inadequate access controls in Schneider Electric Pelco Endura NET55XX Encoder devices to enable SSH and change the root password. It uses a SOAP probe to identify vulnerable devices and sends a crafted POST request to modify credentials.

Classification

Working Poc 100%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Schneider Electric Pelco Endura NET55XX Encoder (multiple models)

No auth needed

Prerequisites: Network access to the target device · UDP port 3702 accessible for discovery

MITRE ATT&CK

T1110 - Brute Force T1078 - Valid Accounts

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://www.se.com/ww/en/download/document/SEVD-2019-134-01/

Scores

CVSS v3 9.8

EPSS 0.6693

EPSS Percentile 98.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2024-01-13

CWE

CWE-287

Status published

Products (7)

schneider-electric/net5500_firmware < 2.1.9.7

schneider-electric/net5501-i_firmware < 2.1.9.7

schneider-electric/net5501-xt_firmware < 2.1.9.7

schneider-electric/net5501_firmware < 2.1.9.7

schneider-electric/net5504_firmware < 2.1.9.7

schneider-electric/net5508_firmware < 2.1.9.7

schneider-electric/net5516_firmware < 2.1.9.7

Published May 22, 2019

Tracked Since Feb 18, 2026