CVE-2023-20126

CRITICAL

Cisco SPA112 2-Port Phone Adapters - Unauthenticated Remote Code Execution via Firmware Upgrade Function

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-20126. PoCs published by fullspectrumdev.

AI-analyzed exploit summary This repository contains a working PoC for CVE-2023-20126, an authentication bypass vulnerability in Cisco SPA112/SPA122 devices. The exploit uploads a malicious firmware image that spawns a root shell on port 23000/tcp.

Description

A vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to a missing authentication process within the firmware upgrade function. An attacker could exploit this vulnerability by upgrading an affected device to a crafted version of firmware. A successful exploit could allow the attacker to execute arbitrary code on the affected device with full privileges. Cisco has not released firmware updates to address this vulnerability.

Exploits (1)

nomisec WORKING POC 24 stars

by fullspectrumdev · poc

https://github.com/fullspectrumdev/RancidCrisco

View Code ZIP pw:eip

This repository contains a working PoC for CVE-2023-20126, an authentication bypass vulnerability in Cisco SPA112/SPA122 devices. The exploit uploads a malicious firmware image that spawns a root shell on port 23000/tcp.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Cisco SPA112/SPA122 firmware versions prior to the fix for CVE-2023-20126

No auth needed

Prerequisites: Network access to the target device · A malicious firmware image

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-unauth-upgrade-UqhyTWW

Scores

CVSS v3 9.8

EPSS 0.3815

EPSS Percentile 98.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-306

Status published

Products (1)

cisco/spa112_firmware 1.4.1 sr9

Published May 04, 2023

Tracked Since Feb 18, 2026