EIP-2026-102446

PRE-CVE

REDDOXX Appliance Build 2032 / 2.0.625 - Remote Command Execution

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102446. PoCs published by RedTeam Pentesting.

AI-analyzed exploit summary This exploit demonstrates a remote command execution vulnerability in the REDDOXX appliance's diagnostic tool, specifically the ping function. The vulnerability arises from insufficient input validation, allowing command injection via the 'count' parameter using operators like '&&' or '||'.

Description

REDDOXX Appliance Build 2032 / 2.0.625 - Remote Command Execution

Exploits (1)

exploitdb WORKING POC

by RedTeam Pentesting · textwebappsjson

https://www.exploit-db.com/exploits/42371

View Code ZIP pw:eip

This exploit demonstrates a remote command execution vulnerability in the REDDOXX appliance's diagnostic tool, specifically the ping function. The vulnerability arises from insufficient input validation, allowing command injection via the 'count' parameter using operators like '&&' or '||'.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: REDDOXX Appliance <= Build 2032 / v2.0.625

No auth needed

Prerequisites: Network access to the REDDOXX appliance · Diagnostic tool enabled

MITRE ATT&CK

T1202 - Indirect Command Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026