CVE-2020-8654

HIGH NUCLEI

EyesOfNetwork <5.3 - Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2020-8654. PoCs published by Clément Billac, bcoles, Erik Wynter, including Metasploit module exploits/linux/http/eyesofnetwork_autodiscovery_rce. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates a multi-stage attack against EyesOfNetwork 5.3, chaining SQL injection (CVE-2020-8656) for authentication bypass, arbitrary user creation, and remote code execution (CVE-2020-8654) via command injection in the discovery module, followed by local privilege escalation (CVE-2020-8655) using a malicious NSE script executed by nmap with sudo privileges.

Description

An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the /module/module_frame/index.php autodiscovery.php target field.

Exploits (3)

exploitdb WORKING POC
webappsphp
https://www.exploit-db.com/exploits/48025

This exploit demonstrates a multi-stage attack against EyesOfNetwork 5.3, chaining SQL injection (CVE-2020-8656) for authentication bypass, arbitrary user creation, and remote code execution (CVE-2020-8654) via command injection in the discovery module, followed by local privilege escalation (CVE-2020-8655) using a malicious NSE script executed by nmap with sudo privileges.

Classification
Working Poc 95%
Attack Type
Rce | Lpe | Sqli | Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: EyesOfNetwork 5.3 (API v2.4.2)
No auth needed
Prerequisites: Network access to the EyesOfNetwork web interface · Nmap installed on the target system with sudo privileges for the apache user
devstral-2 · analyzed Feb 19, 2026 Full analysis →
exploitdb WORKING POC
rubyremotemultiple
https://www.exploit-db.com/exploits/48169

This Metasploit module exploits multiple vulnerabilities in EyesOfNetwork (CVE-2020-8654, CVE-2020-8655, CVE-2020-8656, CVE-2020-8657) to achieve remote command execution as root. It leverages command injection in the AutoDiscovery feature, privilege escalation via Nmap, and authentication bypass techniques (SQLi and hardcoded API key).

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: EyesOfNetwork <= 5.3 (API version <= 2.4.2)
No auth needed
Prerequisites: Network access to the target · EyesOfNetwork web interface exposed
devstral-2 · analyzed Feb 19, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by Clément Billac, bcoles, Erik Wynter · rubypoclinux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/eyesofnetwork_autodiscovery_rce.rb

This Metasploit module exploits multiple vulnerabilities in EyesOfNetwork (CVE-2020-8654, CVE-2020-8655, CVE-2020-8656, CVE-2020-8657, CVE-2020-9465) to achieve remote command execution as root via command injection in the AutoDiscovery feature and privilege escalation through Nmap.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: EyesOfNetwork 5.1, 5.2, 5.3
No auth needed
Prerequisites: Network access to the target · EyesOfNetwork version 5.1, 5.2, or 5.3
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

EyesOfNetwork 5.1-5.3 - SQL Injection/Remote Code Execution
HIGHby praetorian-thendrickson

References (3)

Core 3
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/EyesOfNetworkCommunity/eonweb/issues/50
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/156266/EyesOfNetwork-5.3-Remote-Code-Execution.html

Scores

CVSS v3 8.8
EPSS 0.9191
EPSS Percentile 99.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (1)
eyesofnetwork/eyesofnetwork 5.3-0
Published Feb 07, 2020
Tracked Since Feb 18, 2026