EIP-2026-101187

PRE-CVE

CERIO DT-100G-N/DT-300N/CW-300N - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101187. PoCs published by LiquidWorm.

AI-analyzed exploit summary This exploit demonstrates a command injection vulnerability in the CERIO Wireless Router's restricted shell (pekcmd) via the ping command, allowing an attacker to escape to a root shell. The vulnerability is due to insufficient input validation in the check_shellchars function.

Description

CERIO DT-100G-N/DT-300N/CW-300N - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textremotehardware

https://www.exploit-db.com/exploits/42079

View Code ZIP pw:eip

This exploit demonstrates a command injection vulnerability in the CERIO Wireless Router's restricted shell (pekcmd) via the ping command, allowing an attacker to escape to a root shell. The vulnerability is due to insufficient input validation in the check_shellchars function.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: CERIO DT-100G-N, DT-300N, CW-300N, Kozumi (firmware versions Cen-WR-G2H5 v1.0.6, Cen-CPE-N2H10A v1.0.14/v1.1.6, Cen-CPE-N2H10A v1.0.22, Cen-CPE-N5H5R v1.1.1)

Auth required

Prerequisites: Access to the device's shell via telnet/SSH with default credentials (root:default)

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1202 - Indirect Command Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026