This exploit targets unauthenticated command injection vulnerabilities in EyeLock nano NXT firmware versions up to 3.5. It leverages the 'timeserver' parameter in the 'rpc.php' script to execute arbitrary commands via shell_exec(), providing root access.
Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target:EyeLock nano NXT Firmware <= 3.5
No auth needed
Prerequisites:Network access to the target device · rpc.php script accessible on the target