EIP-2026-101257

PRE-CVE

Drobo 5N2 4.1.1 - Remote Command Injection

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101257. PoCs published by Ian Sindermann.

AI-analyzed exploit summary: This Python script exploits a remote command injection vulnerability in Drobo 5N2 NAS devices (firmware 4.1.1 and lower) by leveraging unauthenticated access to the NASd service. It includes multiple payloads for actions like installing applications, resetting credentials, and spawning root shells via crafted XML commands.

Description

Drobo 5N2 4.1.1 - Remote Command Injection

Exploits (1)

exploitdb · WORKING POC
by Ian Sindermann · python · remote · hardware
https://www.exploit-db.com/exploits/48214

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Drobo 5N2 NAS firmware 4.1.1 and lower
No auth needed
Prerequisites: Network access to the Drobo NASd service (ports 5000/5001) · Target device serial number
devstral-2 · analyzed Feb 18, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026