EIP-2026-103877

PRE-CVE

BroadWorks - Call Detail Record Security Bypass

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103877. PoCs published by Nick Freeman.

AI-analyzed exploit summary This Python script acts as a proxy to intercept and modify BroadWorks CAP protocol traffic, allowing an attacker to bypass security restrictions and monitor calls of users in other enterprise groups. It automates the injection of monitoring requests by modifying XML payloads to exploit a security-bypass vulnerability in BroadWorks versions R16 and prior.

Description

BroadWorks - Call Detail Record Security Bypass

Exploits (1)

exploitdb WORKING POC VERIFIED

by Nick Freeman · pythonremotemultiple

https://www.exploit-db.com/exploits/34949

View Code ZIP pw:eip

This Python script acts as a proxy to intercept and modify BroadWorks CAP protocol traffic, allowing an attacker to bypass security restrictions and monitor calls of users in other enterprise groups. It automates the injection of monitoring requests by modifying XML payloads to exploit a security-bypass vulnerability in BroadWorks versions R16 and prior.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: BroadWorks R16 and prior

Auth required

Prerequisites: Valid user credentials with AttendantConsole privileges · Network access to BroadWorks server

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1040 - Network Sniffing

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026