EIP-2026-101487

PRE-CVE

U.S.Robotics USR5463 0.06 Firmware - 'setup_ddns.exe' HTML Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101487. PoCs published by SH4V.

AI-analyzed exploit summary This exploit demonstrates a persistent XSS vulnerability in U.S. Robotics USR5463 firmware by injecting malicious JavaScript into the DDNS configuration form. The payload submits a form with a script tag that triggers an alert, proving arbitrary code execution in the context of the router's web interface.

Description

U.S.Robotics USR5463 0.06 Firmware - 'setup_ddns.exe' HTML Injection

Exploits (1)

exploitdb WORKING POC VERIFIED

by SH4V · textremotehardware

https://www.exploit-db.com/exploits/34018

View Code ZIP pw:eip

This exploit demonstrates a persistent XSS vulnerability in U.S. Robotics USR5463 firmware by injecting malicious JavaScript into the DDNS configuration form. The payload submits a form with a script tag that triggers an alert, proving arbitrary code execution in the context of the router's web interface.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: U.S. Robotics USR5463 firmware versions USR5463-v0_01.bin to USR5463-v0_06.bin

No auth needed

Prerequisites: Network access to the router's web interface · Victim interaction to trigger the form submission

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026