CVE-2020-8657

CRITICAL KEV NUCLEI

EyesOfNetwork 5.1-5.3 AutoDiscovery Target Command Execution

Title source: metasploit

Exploitation Summary

CVE-2020-8657 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021. EIP tracks 1 public exploit from researchers including Metasploit. A Nuclei detection template is also available.

AI-analyzed exploit summary: This Metasploit module exploits multiple vulnerabilities in EyesOfNetwork (CVE-2020-8654, CVE-2020-8655, CVE-2020-8656, CVE-2020-8657) to achieve remote command execution as root. It leverages a command injection in the AutoDiscovery feature, combined with privilege escalation via Nmap's sudo permissions, and includes authentication bypass methods via hardcoded API keys and SQL injection.

Description

An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_functions.php for API version 2.4.2) by default for all installations, hence allowing an attacker to calculate/guess the admin access token.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · multiple
https://www.exploit-db.com/exploits/48169

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: EyesOfNetwork <= 5.3 (API version <= 2.4.2)
No auth needed
Prerequisites: Network access to the EyesOfNetwork web interface · Nmap installed on the target system with sudo permissions for the apache user
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

EyesOfNetwork - Hardcoded API Key
CRITICAL · VERIFIED · by daffainfo
Shodan: html:"EyesOfNetwork"
FOFA: title="EyesOfNetwork"

Scores

CVSS v3 9.8
EPSS 0.8886
EPSS Percentile 99.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable yes
Technical Impact total

Details

CISA KEV 2021-11-03
VulnCheck KEV 2021-11-03
InTheWild.io 2021-07-23
ENISA EUVD EUVD-2020-29505
CWE CWE-798
Status published
Products (1)
eyesofnetwork/eyesofnetwork 5.3-0
Published Feb 06, 2020
KEV Added Nov 03, 2021
Tracked Since Feb 18, 2026