EIP-2026-101905

PRE-CVE

OpenPLI 3.0 Beta (OpenPLi-beta-dm7000-20130127-272) - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101905. PoCs published by m-1-k-3.

AI-analyzed exploit summary This advisory describes an OS command injection vulnerability in OpenPLI software (v3.0 beta and below) via the 'maxmtu' parameter in the web interface, allowing arbitrary command execution. It also mentions a stored XSS vulnerability in the 'AuthUser', 'AuthPassword', and 'audiochannelspriority' parameters.

Description

OpenPLI 3.0 Beta (OpenPLi-beta-dm7000-20130127-272) - Multiple Vulnerabilities

Exploits (1)

exploitdb WRITEUP

by m-1-k-3 · textwebappshardware

https://www.exploit-db.com/exploits/24498

View Code ZIP pw:eip

This advisory describes an OS command injection vulnerability in OpenPLI software (v3.0 beta and below) via the 'maxmtu' parameter in the web interface, allowing arbitrary command execution. It also mentions a stored XSS vulnerability in the 'AuthUser', 'AuthPassword', and 'audiochannelspriority' parameters.

Classification

Writeup 90%

Attack Type

Rce | Xss

Complexity

Trivial

Reliability

Reliable

Target: OpenPLI v3.0 beta (OpenPLi-beta-dm7000-20130127-272) and below

No auth needed

Prerequisites: Network access to the target device · Web interface exposed

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026