EIP-2026-104425

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104425. PoCs published by prdelka.

AI-analyzed exploit summary This writeup details multiple vulnerabilities in SedSystems D3 Decimator, including hardcoded credentials, arbitrary file download via a hidden API endpoint, and arbitrary code execution through a flawed firmware update mechanism. The analysis includes technical specifics such as API interactions, firmware reverse engineering, and exploit steps.

Description

SedSystems D3 Decimator - Multiple Vulnerabilities

Exploits (1)

exploitdb WRITEUP

by prdelka · textwebappsmultiple

https://www.exploit-db.com/exploits/41877

View Code ZIP pw:eip

This writeup details multiple vulnerabilities in SedSystems D3 Decimator, including hardcoded credentials, arbitrary file download via a hidden API endpoint, and arbitrary code execution through a flawed firmware update mechanism. The analysis includes technical specifics such as API interactions, firmware reverse engineering, and exploit steps.

Classification

Writeup 95%

Attack Type

Rce | Auth Bypass | Info Leak

Complexity

Moderate

Reliability

Reliable

Target: SedSystems D3 Decimator (firmware versions up to at least 3.0.12-1)

Auth required

Prerequisites: Network access to TCP port 9784 · Default admin credentials (admin/admin) · Ability to upload a crafted tarball

MITRE ATT&CK

T1078 - Valid Accounts T1190 - Exploit Public-Facing Application T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 18, 2026 Full analysis →

SedSystems D3 Decimator - Multiple Vulnerabilities

Exploitation Summary

Description

Exploits (1)

Details