EIP-2026-100980

PRE-CVE

Alice Modem 1111 - 'rulename' Cross-Site Scripting / Denial of Service

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100980. PoCs published by Moritz Naumann.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in the Alice Modem by injecting malicious script tags into the 'rulename' parameter of the 'natAdd' endpoint. The PoC includes URLs that trigger the XSS payload when accessed.

Description

Alice Modem 1111 - 'rulename' Cross-Site Scripting / Denial of Service

Exploits (1)

exploitdb WORKING POC VERIFIED

by Moritz Naumann · textdoshardware

https://www.exploit-db.com/exploits/35939

View Code ZIP pw:eip

This exploit demonstrates a cross-site scripting (XSS) vulnerability in the Alice Modem by injecting malicious script tags into the 'rulename' parameter of the 'natAdd' endpoint. The PoC includes URLs that trigger the XSS payload when accessed.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Alice Modem (version unspecified)

No auth needed

Prerequisites: Network access to the vulnerable Alice Modem

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026