cbcvebase.
CVE-2013-0928
published 2013-01-21

CVE-2013-0928: The NetWorker command processor in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary…

PriorityP274critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
34.47%
98.2th percentile
The NetWorker command processor in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary commands via a DCP "run command" operation.

Affected

1 ranges
VendorProductVersion rangeFixed in
emcalphastor

Detection & IOCsextracted from sources · hover to see the quote

port3000
processrrobotd.exe
command\x75~ mminfo &cmd.exe /c <cmd>
bytes
\x75
  • Monitor TCP port 3000 for connections to rrobotd.exe (EMC AlphaStor Device Manager). Packets beginning with opcode byte 0x75 followed by shell metacharacters (e.g., '&', 'cmd.exe') are indicative of exploitation attempts.
  • A check response of 'Could not fork command' from rrobotd.exe on port 3000 indicates the target is vulnerable and the opcode 0x75 command injection path is reachable.
  • Inspect DCP protocol traffic on port 3000 for 'run command' (opcode 0x75) operations containing shell command separators such as '&' or 'cmd.exe /c', which indicate command injection exploitation of CVE-2013-0928.
  • ·The Metasploit module was tested specifically against EMC AlphaStor 4.0 build 116; the vulnerability affects all builds before 800. Payloads use a maximum space of 2048 bytes with NoPs disabled, and command stager lines are capped at 487 characters due to input length constraints.
  • ·The exploit targets x86 architecture (Windows). The payload space is limited to 2048 bytes with a per-command stager line maximum of 487 characters, meaning detection rules should account for high-volume sequential short commands on port 3000.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.