EIP-2026-101167

PRE-CVE

Avaya IP Office Manager TFTP Server 8.1 - Directory Traversal

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101167. PoCs published by SecPod Research.

AI-analyzed exploit summary This Python script exploits a directory traversal vulnerability in Avaya IP Office Manager TFTP Server Version 8.1 by sending a crafted TFTP read request with '../' sequences to retrieve arbitrary files (e.g., boot.ini). The exploit demonstrates the vulnerability by reading sensitive files via UDP.

Description

Avaya IP Office Manager TFTP Server 8.1 - Directory Traversal

Exploits (1)

exploitdb WORKING POC VERIFIED
by SecPod Research · pythonremotehardware
https://www.exploit-db.com/exploits/17507

This Python script exploits a directory traversal vulnerability in Avaya IP Office Manager TFTP Server Version 8.1 by sending a crafted TFTP read request with '../' sequences to retrieve arbitrary files (e.g., boot.ini). The exploit demonstrates the vulnerability by reading sensitive files via UDP.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Avaya IP Office Manager TFTP Server Version 8.1
No auth needed
Prerequisites: Network access to the TFTP server (UDP port 69) · Target running Avaya IP Office Manager TFTP Server Version 8.1
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026