EIP-2026-101159

PRE-CVE

ASKEY RTF3505VW-N1 - Privilege Escalation

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101159. PoCs published by Leonardo Nicolas Servalli.

AI-analyzed exploit summary This exploit leverages a privilege escalation vulnerability in ASKEY RTF3505VW-N1 routers by injecting ';/bin/bash' via port 80 and using tcpdump's -z flag to execute arbitrary commands, ultimately spawning a reverse shell. It requires SSH access and exploits improper handling of the -z flag in tcpdump.

Description

ASKEY RTF3505VW-N1 - Privilege Escalation

Exploits (1)

exploitdb WORKING POC

by Leonardo Nicolas Servalli · bashremotehardware

https://www.exploit-db.com/exploits/51155

View Code ZIP pw:eip

This exploit leverages a privilege escalation vulnerability in ASKEY RTF3505VW-N1 routers by injecting ';/bin/bash' via port 80 and using tcpdump's -z flag to execute arbitrary commands, ultimately spawning a reverse shell. It requires SSH access and exploits improper handling of the -z flag in tcpdump.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: ASKEY RTF3505VW-N1 Firmware BR_SV_g000_R3505VMN1001_s32_7

Auth required

Prerequisites: SSH access to the router · tcpdump binary present on the device · Network connectivity to the target

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026