EIP-2026-101521

PRE-CVE

Alteon OS BBI (Nortell) - Cross-Site Scripting / Cross-Site Request Forgery

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101521. PoCs published by Alexey Sintsov.

AI-analyzed exploit summary The exploit demonstrates XSS and XSRF vulnerabilities in Alteon OS BBI, allowing remote attackers to change switch configurations via crafted HTTP requests and SSH login parameter injection.

Description

Alteon OS BBI (Nortell) - Cross-Site Scripting / Cross-Site Request Forgery

Exploits (1)

exploitdb WORKING POC VERIFIED

by Alexey Sintsov · textwebappshardware

https://www.exploit-db.com/exploits/9975

View Code ZIP pw:eip

The exploit demonstrates XSS and XSRF vulnerabilities in Alteon OS BBI, allowing remote attackers to change switch configurations via crafted HTTP requests and SSH login parameter injection.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Moderate

Reliability

Reliable

Target: Alteon OS BBI (Nortel/Radware) <= 21.0.8.3 and possibly up to 25.1.0.0

No auth needed

Prerequisites: Access to the target switch's BBI interface · Victim interaction for XSS payload execution

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026