EIP-2026-106987

PRE-CVE

EyeLock nano NXT 3.5 - Remote Code Execution

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-106987. PoCs published by LiquidWorm.

AI-analyzed exploit summary This exploit targets unauthenticated command injection vulnerabilities in EyeLock nano NXT firmware versions up to 3.5. It leverages the 'timeserver' parameter in the 'rpc.php' script to execute arbitrary commands via shell_exec(), providing root access.

Description

EyeLock nano NXT 3.5 - Remote Code Execution

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · pythonwebappsphp

https://www.exploit-db.com/exploits/40228

View Code ZIP pw:eip

This exploit targets unauthenticated command injection vulnerabilities in EyeLock nano NXT firmware versions up to 3.5. It leverages the 'timeserver' parameter in the 'rpc.php' script to execute arbitrary commands via shell_exec(), providing root access.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: EyeLock nano NXT Firmware <= 3.5

No auth needed

Prerequisites: Network access to the target device · rpc.php script accessible on the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026