EIP-2026-117999

PRE-CVE

Telefonica O2 Connection Manager 3.4 - Local Privilege Escalation

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-117999. PoCs published by LiquidWorm.

AI-analyzed exploit summary The exploit details a local privilege escalation vulnerability in Telefonica O2 Connection Manager 3.4 due to improper directory permissions, allowing any user to replace executable files with malicious binaries. The writeup includes directory and file permission listings confirming world-writable access.

Description

Telefonica O2 Connection Manager 3.4 - Local Privilege Escalation

Exploits (1)

exploitdb WRITEUP

by LiquidWorm · textlocalwindows

https://www.exploit-db.com/exploits/34966

View Code ZIP pw:eip

The exploit details a local privilege escalation vulnerability in Telefonica O2 Connection Manager 3.4 due to improper directory permissions, allowing any user to replace executable files with malicious binaries. The writeup includes directory and file permission listings confirming world-writable access.

Classification

Writeup 100%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: Telefonica O2 Connection Manager 3.4.R1 (108)

No auth needed

Prerequisites: Local access to the system · O2 Connection Manager 3.4 installed

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548.002 - Bypass User Account Control

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026