EIP-2026-107175

PRE-CVE

Fonality trixbox - 'mac' Remote Code Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107175. PoCs published by i-Hmx.

AI-analyzed exploit summary This exploit demonstrates a command injection vulnerability in Trixbox's endpoint_aastra.php file, allowing unauthenticated remote code execution (RCE) with root privileges via sudo abuse. The vulnerability arises from unsanitized user input in the 'mac' parameter passed to an exec() call.

Description

Fonality trixbox - 'mac' Remote Code Injection

Exploits (1)

exploitdb WORKING POC

by i-Hmx · textwebappsphp

https://www.exploit-db.com/exploits/32263

View Code ZIP pw:eip

This exploit demonstrates a command injection vulnerability in Trixbox's endpoint_aastra.php file, allowing unauthenticated remote code execution (RCE) with root privileges via sudo abuse. The vulnerability arises from unsanitized user input in the 'mac' parameter passed to an exec() call.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Trixbox (all versions)

No auth needed

Prerequisites: Network access to the Trixbox web interface · Default sudo configuration allowing passwordless execution

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026