CVE-2012-10041
WAN Emulator v2.3 Command Execution
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
WAN Emulator v2.3 contains two unauthenticated command execution vulnerabilities. The result.php script calls shell_exec() with unsanitized input from the pc POST parameter, allowing remote attackers to execute arbitrary commands as the www-data user. The system also includes a SUID-root binary named dosu, which is vulnerable to command injection via its first argument. An attacker can exploit both flaws in sequence to achieve full remote code execution and escalate privileges to root.
| CWE | CWE-78 |
| Vendor | wan emulator |
| Product | wan emulator |
| Published | Aug 8, 2025 |
| Last Updated | Apr 7, 2026 |
Stay Ahead of the Next One
Get instant alerts for wan emulator wan emulator
Be the first to know when new unknown vulnerabilities affecting wan emulator wan emulator are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
WAN Emulator / WAN Emulator
2.3
References
raw.githubusercontent.com: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/wanem_exec.rb exploit-db.com: https://www.exploit-db.com/exploits/21190 sourceforge.net: https://sourceforge.net/projects/wanem/ vulncheck.com: https://www.vulncheck.com/advisories/wan-emulator-command-execution
Credits
bcoles