CVE-2023-27253

HIGH

Netgate pfSense <2.7.0 - Command Injection

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2023-27253. PoCs published by Emir Polat, including Metasploit module exploits/unix/http/pfsense_config_data_exec.

AI-analyzed exploit summary This Metasploit module exploits an authenticated command injection vulnerability in pfSense's restore_rrddata() function, allowing arbitrary OS command execution as root. It leverages CSRF token handling and file upload manipulation to inject payloads.

Description

A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml.

Exploits (2)

exploitdb WORKING POC

by Emir Polat · rubywebappsphp

https://www.exploit-db.com/exploits/51608

View Code ZIP pw:eip

This Metasploit module exploits an authenticated command injection vulnerability in pfSense's restore_rrddata() function, allowing arbitrary OS command execution as root. It leverages CSRF token handling and file upload manipulation to inject payloads.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: pfSense < 2.7.0-RELEASE

Auth required

Prerequisites: Valid pfSense credentials · WebCfg - Diagnostics: Backup & Restore privilege

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

by Emir Polat · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/http/pfsense_config_data_exec.rb

View Code ZIP pw:eip

This Metasploit module exploits an authenticated command injection vulnerability in pfSense's restore_rrddata() function, allowing root-level command execution. It leverages CSRF token handling and multipart form data to inject payloads into the backup/restore functionality.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: pfSense < 2.7.0-RELEASE

Auth required

Prerequisites: Valid pfSense credentials with 'WebCfg - Diagnostics: Backup & Restore' privileges · Network access to pfSense web interface (HTTPS)

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Patch

https://github.com/pfsense/pfsense/commit/ca80d18493f8f91b21933ebd6b714215ae1e5e94

View Patch ZIP pw:eip

Issue Tracking, Patch, Vendor Advisory

https://redmine.pfsense.org/issues/13935

Exploit, Third Party Advisory

http://packetstormsecurity.com/files/173487/pfSense-Restore-RRD-Data-Command-Injection.html

Scores

CVSS v3 8.8

EPSS 0.7915

EPSS Percentile 99.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-91

Status published

Products (1)

netgate/pfsense 2.7.0

Published Mar 17, 2023

Tracked Since Feb 18, 2026