cbcvebase.
CVE-2012-10041
published 2025-08-08

CVE-2012-10041: WAN Emulator v2.3 contains two unauthenticated command execution vulnerabilities. The result.php script calls shell_exec() with unsanitized input from the pc…

PriorityP275critical9.3CVSS 4.0
AVNACLATNPRNUINVCHVIHVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EXPLOIT
EPSS
2.92%
85.3th percentile
WAN Emulator v2.3 contains two unauthenticated command execution vulnerabilities. The result.php script calls shell_exec() with unsanitized input from the pc POST parameter, allowing remote attackers to execute arbitrary commands as the www-data user. The system also includes a SUID-root binary named dosu, which is vulnerable to command injection via its first argument. An attacker can exploit both flaws in sequence to achieve full remote code execution and escalate privileges to root.

Affected

1 ranges
VendorProductVersion rangeFixed in
wan_emulatorwan_emulator

Detection & IOCsextracted from sources · hover to see the quote

path/result.php
filenamedosu
otherpc
  • Monitor HTTP POST requests to result.php containing shell metacharacters or command sequences in the 'pc' parameter, which is passed unsanitized to shell_exec().
  • Alert on execution of the SUID-root binary 'dosu' with attacker-controlled arguments, particularly when spawned from a web server process (www-data), as this is the privilege escalation vector.
  • Look for process chains where www-data spawns shell processes, followed by execution of 'dosu', indicating chained exploitation for root privilege escalation.
  • Unauthenticated POST requests to result.php should be treated as suspicious; no authentication is required to trigger the vulnerability.
  • ·Vulnerability is specific to WAN Emulator version 2.3 only; other versions are not confirmed affected.
  • ·The privilege escalation path requires the 'dosu' binary to be present and configured as SUID root; environments without this binary or without the SUID bit set will not be vulnerable to the root escalation component.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.