EIP-2026-101562

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101562. PoCs published by LiquidWorm.

AI-analyzed exploit summary The exploit demonstrates authenticated command injection vulnerabilities in Beward N100 IP Camera via the 'TimeZone' and 'ServerName' parameters in the 'servetest' CGI endpoint, allowing root remote code execution. The PoC uses curl commands to inject arbitrary system commands (e.g., 'id') into these parameters, confirming successful execution with the returned output.

Description

BEWARD N100 H.264 VGA IP Camera M2.1.6 - Remote Code Execution

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textwebappshardware

https://www.exploit-db.com/exploits/46319

View Code ZIP pw:eip

The exploit demonstrates authenticated command injection vulnerabilities in Beward N100 IP Camera via the 'TimeZone' and 'ServerName' parameters in the 'servetest' CGI endpoint, allowing root remote code execution. The PoC uses curl commands to inject arbitrary system commands (e.g., 'id') into these parameters, confirming successful execution with the returned output.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Beward N100 IP Camera M2.1.6.04C014

Auth required

Prerequisites: Network access to the target device · Valid authentication credentials (admin:admin)

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

BEWARD N100 H.264 VGA IP Camera M2.1.6 - Remote Code Execution

Exploitation Summary

Description

Exploits (1)

Details