EIP-2026-104258

PRE-CVE

Friendly Technologies TR-069 ACS 2.8.9 - Login SQL Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104258. PoCs published by Yaniv Miron.

AI-analyzed exploit summary The document describes an SQL injection vulnerability in Friendly Technologies TR-069 ACS 2.8.9, where unsanitized user input in the login form allows authentication bypass via classic SQLi payloads. It provides example payloads but lacks deeper technical analysis or exploit code.

Description

Friendly Technologies TR-069 ACS 2.8.9 - Login SQL Injection

Exploits (1)

exploitdb WRITEUP VERIFIED

by Yaniv Miron · textwebappsmultiple

https://www.exploit-db.com/exploits/33731

View Code ZIP pw:eip

The document describes an SQL injection vulnerability in Friendly Technologies TR-069 ACS 2.8.9, where unsanitized user input in the login form allows authentication bypass via classic SQLi payloads. It provides example payloads but lacks deeper technical analysis or exploit code.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Friendly Technologies TR-069 ACS 2.8.9

No auth needed

Prerequisites: Network access to the TR-069 ACS login interface

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026