EIP-2026-101852

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101852. PoCs published by emgent.

AI-analyzed exploit summary This exploit demonstrates multiple vulnerabilities in My Book World Edition NAS, including remote command execution via command injection in the NTP TIME SERVER field, XSS in multiple pages via the 'lang' parameter, and information disclosure through path exposure. The web server runs with root privileges, escalating the impact of these vulnerabilities.

Description

My Book World Edition NAS - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED

by emgent · textwebappshardware

https://www.exploit-db.com/exploits/10792

View Code ZIP pw:eip

This exploit demonstrates multiple vulnerabilities in My Book World Edition NAS, including remote command execution via command injection in the NTP TIME SERVER field, XSS in multiple pages via the 'lang' parameter, and information disclosure through path exposure. The web server runs with root privileges, escalating the impact of these vulnerabilities.

Classification

Working Poc 90%

Attack Type

Rce | Xss | Info Leak

Complexity

Trivial

Reliability

Reliable

Target: My Book World Edition NAS 01.01.16 with MioNet 2.3.9.13 firmware

Auth required

Prerequisites: Access to the admin interface · Valid credentials for authenticated pages

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1059.004 - Unix Shell T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

My Book World Edition NAS - Multiple Vulnerabilities

Exploitation Summary

Description

Exploits (1)

Details