EIP-2026-101494
PRE-CVEWestern Digital's WD TV Live SMP/Hub - Privilege Escalation
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-101494. PoCs published by Wolfgang Borst.
AI-analyzed exploit summary This exploit leverages a file inclusion vulnerability in the WD TV Live Streaming Media Player's web interface, combined with arbitrary file upload via theme customization, to execute a root shell. The PoC uploads a malicious PHP file via a zip archive and triggers its execution through a crafted cookie.
Description
Western Digital's WD TV Live SMP/Hub - Privilege Escalation
Exploits (1)
This exploit leverages a file inclusion vulnerability in the WD TV Live Streaming Media Player's web interface, combined with arbitrary file upload via theme customization, to execute a root shell. The PoC uploads a malicious PHP file via a zip archive and triggers its execution through a crafted cookie.