CVE-2020-13945

MEDIUM NUCLEI

Apache APISIX <1.6 - Privilege Escalation


Exploitation Summary

EIP tracks 3 public exploits for CVE-2020-13945. PoCs were published by K3ysTr0K3R and YutuSec, and the set includes the Metasploit module exploits/multi/http/apache_apisix_api_default_token_rce. A Nuclei detection template is also available.

AI-analyzed exploit summary: This is a functional exploit for CVE-2020-13945, targeting Apache APISIX versions 1.2 to 1.5. It plants a backdoor via the Admin API and executes a reverse shell payload.

Description

In Apache APISIX, when the user has enabled the Admin API and deleted the Admin API access IP restriction rules, the default token is allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4, 1.5.

Exploits (3)

nomisec WORKING POC 10 stars
by K3ysTr0K3R · poc
https://github.com/K3ysTr0K3R/CVE-2020-13945-EXPLOIT

This is a functional exploit for CVE-2020-13945, targeting Apache APISIX versions 1.2 to 1.5. It plants a backdoor via the Admin API and executes a reverse shell payload.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Apache APISIX 1.2, 1.3, 1.4, 1.5
No auth needed
Prerequisites: Admin API enabled · Default token not changed · No IP restrictions on Admin API
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 7 stars
by YutuSec · poc
https://github.com/YutuSec/Apisix_Crack

This repository contains a Go-based exploit for CVE-2021-45232, an unauthenticated API access vulnerability in Apache APISIX. The PoC checks for unauthenticated access to the admin API and demonstrates command execution via route manipulation.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Apache APISIX (versions affected by CVE-2021-45232)
No auth needed
Prerequisites: Network access to the APISIX admin interface · Admin API endpoint exposed
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC EXCELLENT
ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/apache_apisix_api_default_token_rce.rb

This Metasploit module exploits CVE-2022-24112 in Apache APISIX by leveraging a default admin API token to achieve remote code execution via Lua script injection. It also bypasses IP restrictions using batch requests.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Apache APISIX 2.x
Auth required
Prerequisites: Default admin API token (edd1c9f034335f136f87ad84b625c8f1) · Access to the admin API endpoint
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

Apache APISIX - Insufficiently Protected Credentials
MEDIUM · by pdteam
Shodan: http.title:"apache apisix dashboard"
FOFA: title="apache apisix dashboard"

Scores

CVSS v3: 6.5
EPSS: 0.7298
EPSS Percentile: 99.4%
Attack Vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

Status: published
Products (1): apache/apisix 1.2 - 1.5
Published: Dec 07, 2020
Tracked Since: Feb 18, 2026