EIP-2026-100785
PRE-CVEDevice42 WAN Emulator 2.3 - Ping Command Injection (Metasploit)
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-100785. PoCs published by Brandon Perry.
AI-analyzed exploit summary This Metasploit module exploits a command injection vulnerability in WAN Emulator v2.3 by authenticating as an admin and injecting a malicious payload into the 'pingip' parameter, achieving remote code execution.
Description
Device42 WAN Emulator 2.3 - Ping Command Injection (Metasploit)
Exploits (1)
exploitdb
WORKING POC
by Brandon Perry · rubywebappscgi
https://www.exploit-db.com/exploits/35384
This Metasploit module exploits a command injection vulnerability in WAN Emulator v2.3 by authenticating as an admin and injecting a malicious payload into the 'pingip' parameter, achieving remote code execution.
Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target:
WAN Emulator v2.3
Auth required
Prerequisites:
Network access to the target · Valid admin credentials (default: 'd42admin'/'default')
devstral-2 · analyzed Feb 18, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026