CVE-2023-30350

HIGH

FS S3900-24T4S - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-30350. PoCs published by Daniele Linguaglossa.

AI-analyzed exploit summary This exploit leverages a privilege escalation vulnerability in FS-S3900-24T4S switches by authenticating as a guest user and then escalating to admin privileges with an empty password. It uses Telnet to interact with the device and modify the configuration.

Description

FS S3900-24T4S devices allow authenticated attackers with guest access to escalate their privileges and reset the admin password.

Exploits (1)

exploitdb WORKING POC

by Daniele Linguaglossa · pythonlocalhardware

https://www.exploit-db.com/exploits/51414

View Code ZIP pw:eip

This exploit leverages a privilege escalation vulnerability in FS-S3900-24T4S switches by authenticating as a guest user and then escalating to admin privileges with an empty password. It uses Telnet to interact with the device and modify the configuration.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: FS-S3900-24T4S (latest version)

Auth required

Prerequisites: Telnet access to the target device · Guest credentials (guest/guest)

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory, VDB Entry

http://packetstormsecurity.com/files/172124/FS-S3900-24T4S-Privilege-Escalation.html

Scores

CVSS v3 8.8

EPSS 0.0534

EPSS Percentile 91.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

Status published

Products (1)

fs/s3900_24t4s_firmware

Published May 29, 2023

Tracked Since Feb 18, 2026