EIP-2026-104277

PRE-CVE

i3 International Annexxus Cameras Ax-n 5.2.0 - Application Logic Flaw

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104277. PoCs published by LiquidWorm.

AI-analyzed exploit summary The exploit demonstrates an application logic flaw in i3 International Annexxus Cameras, allowing privilege escalation by manipulating user permissions via PUT and DELETE requests. It bypasses server-side validation to create a second administrator account or delete existing ones.

Description

i3 International Annexxus Cameras Ax-n 5.2.0 - Application Logic Flaw

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textwebappsmultiple

https://www.exploit-db.com/exploits/50473

View Code ZIP pw:eip

The exploit demonstrates an application logic flaw in i3 International Annexxus Cameras, allowing privilege escalation by manipulating user permissions via PUT and DELETE requests. It bypasses server-side validation to create a second administrator account or delete existing ones.

Classification

Working Poc 100%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: i3 International Annexxus Cameras Ax-n 5.2.0

Auth required

Prerequisites: Default admin credentials ('i3admin:i3admin') · Network access to the camera's web interface

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026