CVE-2022-40624

CRITICAL NUCLEI

pfSense pfBlockerNG <= 2.1.4_27 - Remote Code Execution via HTTP Host Header

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-40624, a PoC published by dhammon. A Nuclei detection template is also available.

AI-analyzed exploit summary: This PoC demonstrates an unauthenticated remote code execution (RCE) vulnerability in pfBlockerNG, caused by unsanitized user input in the Host header being passed to an exec function. The exploit uses command injection via the Host header to execute arbitrary commands on the target system.

Description

pfSense pfBlockerNG through 2.1.4_27 allows remote attackers to execute arbitrary OS commands as root via the HTTP Host header, a different vulnerability than CVE-2022-31814.

Exploits (1)

nomisec WORKING POC 2 stars
by dhammon · poc
https://github.com/dhammon/pfBlockerNg-CVE-2022-40624


Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: pfBlockerNG < 2.1.4_27
No auth needed
Prerequisites: HTTP access to pfSense web console
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

pfSense pfBlockerNG - OS Command Injection
CRITICAL · by ritikchaddha
Shodan: pfBlockerNG
FOFA: pfBlockerNG

Scores

CVSS v3 9.8
EPSS 0.1711
EPSS Percentile 96.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE CWE-78
Status published
Products (1)
pfsense/pfblockerng < 2.1.4_27
Published Dec 20, 2022
Tracked Since Feb 18, 2026