CVE-2023-38120

HIGH

Adtran SR400ac Firmware - Remote Code Execution via Ping Command Host Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-38120. PoCs published by warber0x.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2023-38120, targeting a command injection vulnerability in SmartRG routers. The exploit leverages a WebSocket connection to authenticate and execute arbitrary commands via a crafted ping request, establishing a reverse shell.

Description

Adtran SR400ac ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adtran SR400ac routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ping command, which is available over JSON-RPC. A crafted host parameter can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20525.

Exploits (1)

nomisec WORKING POC 2 stars
by warber0x · poc
https://github.com/warber0x/CVE-2023-38120

This repository contains a functional exploit for CVE-2023-38120, targeting a command injection vulnerability in SmartRG routers. The exploit leverages a WebSocket connection to authenticate and execute arbitrary commands via a crafted ping request, establishing a reverse shell.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: SmartRG sr400ac (Firmware 10.8.8.1/10.8.5.1)
Auth required
Prerequisites: Network access to the target router · Default or known credentials for the 'support' user
mistral-large-3 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1
Core References
Third Party Advisory x_research-advisory
https://www.zerodayinitiative.com/advisories/ZDI-23-1010/

Scores

CVSS v3 8.8
EPSS 0.0317
EPSS Percentile 86.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-77 CWE-78
Status published
Products (2)
adtran/sr400ac_firmware 10.8.5.1
adtran/sr400ac_firmware 10.8.8.1
Published May 03, 2024
Tracked Since Feb 18, 2026