EIP-2026-101086

PRE-CVE

SunellSecurity NVR / Camera - Denial of Service

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101086. PoCs published by qwsj.

AI-analyzed exploit summary This exploit demonstrates a buffer overflow vulnerability in SunellSecurity NVR/Cams CGI scripts, causing a denial-of-service (DoS) condition by crashing the web service and rebooting the device. The PoC uses an excessively long string in the 'userName' parameter to trigger the overflow.

Description

SunellSecurity NVR / Camera - Denial of Service

Exploits (1)

exploitdb WORKING POC

by qwsj · textdoshardware

https://www.exploit-db.com/exploits/40687

View Code ZIP pw:eip

This exploit demonstrates a buffer overflow vulnerability in SunellSecurity NVR/Cams CGI scripts, causing a denial-of-service (DoS) condition by crashing the web service and rebooting the device. The PoC uses an excessively long string in the 'userName' parameter to trigger the overflow.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: SunellSecurity NVR/Cams firmware versions 1.6.08-09 / 2.0.06-08

No auth needed

Prerequisites: Network access to the target device · CGI endpoint exposed

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026