CVE-2022-4510

HIGH

binwalk 2.1.2b-2.3.3 - Path Traversal and Remote Code Execution via Malicious PFS Filesystem

Title source: llm

Exploitation Summary

EIP tracks 4 public exploits for CVE-2022-4510. PoCs published by Etienne Lacoche, adhikara13, electr0sm0g.

AI-analyzed exploit summary This exploit leverages a vulnerability in Binwalk (versions 2.1.2b through 2.3.2) to achieve remote command execution by embedding a malicious Python plugin within a crafted PNG file. The plugin executes a reverse shell via netcat when processed by Binwalk.

Description

A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 included. By crafting a malicious PFS filesystem file, an attacker can get binwalk's PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode (-e option). Remote code execution can be achieved by building a PFS filesystem that, upon extraction, would extract a malicious binwalk module into the folder .config/binwalk/plugins. This vulnerability is associated with program files src/binwalk/plugins/unpfs.py. This issue affects binwalk from 2.1.2b through 2.3.3 included.

Exploits (4)

exploitdb WORKING POC

by Etienne Lacoche · pythonremotepython

https://www.exploit-db.com/exploits/51249

View Code ZIP pw:eip

This exploit leverages a vulnerability in Binwalk (versions 2.1.2b through 2.3.2) to achieve remote command execution by embedding a malicious Python plugin within a crafted PNG file. The plugin executes a reverse shell via netcat when processed by Binwalk.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Binwalk 2.1.2b through 2.3.2

No auth needed

Prerequisites: A crafted PNG file with embedded malicious plugin · Victim must process the file with Binwalk · Attacker must have a netcat listener set up

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059.004 - Unix Shell

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WORKING POC 14 stars

by adhikara13 · poc

https://github.com/adhikara13/CVE-2022-4510-WalkingPath

View Code ZIP pw:eip

This repository contains a Python script that generates exploits for CVE-2022-4510, a vulnerability in Binwalk. The script can create payloads for SSH key injection, command execution, or reverse shells by embedding malicious code in a PNG file.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Binwalk (version not specified)

No auth needed

Prerequisites: Python 3.x · Input PNG file · Public key file (for SSH option) · Listener IP and port (for reverse shell option)

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 9 stars

by electr0sm0g · poc

https://github.com/electr0sm0g/CVE-2022-4510

View Code ZIP pw:eip

This PoC exploits CVE-2022-4510 in Binwalk by crafting a malicious PNG file with embedded Python code that triggers remote command execution via a reverse shell when processed by Binwalk. The exploit leverages Binwalk's plugin system to execute arbitrary commands.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Binwalk 2.1.2b through 2.3.2

No auth needed

Prerequisites: A vulnerable version of Binwalk · Ability to deliver the malicious PNG file to the target

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 1 stars

by Kalagious · poc

https://github.com/Kalagious/BadPfs-CVE-2022-4510

View Code ZIP pw:eip

This Python script generates a malicious PFS file to exploit CVE-2022-4510, a path traversal vulnerability in binwalk. It allows arbitrary file overwrite with binwalk's permissions, potentially leading to privilege escalation.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: binwalk (versions affected by CVE-2022-4510)

No auth needed

Prerequisites: binwalk installed on target system · ability to execute binwalk with -e flag on crafted PFS file

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1222 - File and Directory Permissions Modification

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Patch, Third Party Advisory

https://github.com/ReFirmLabs/binwalk/pull/617

Mailing List

https://lists.debian.org/debian-lts-announce/2025/12/msg00022.html

Third Party Advisory

https://security.gentoo.org/glsa/202309-07

Scores

CVSS v3 7.8

EPSS 0.4457

EPSS Percentile 97.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-22

Status published

Products (2)

microsoft/binwalk 2.2.0 - 2.3.3

pypi/binwalk 2.1.2bPyPI

Published Jan 26, 2023

Tracked Since Feb 18, 2026