KEVIntel
Back to KEVs
9.8
CVSS
Critical

CVE-2016-10372

PUBLISHED

The Eir D1000 modem does not properly restrict the TR-064 protocol, which allows remote attackers to execute arbitrary commands via TCP port 7547,...

Exploited in the wild Remote Low complexity No user interaction
Vendor
Eir
Product
D1000 modem
Published
May 16, 2017
EPSS

Description

The Eir D1000 modem does not properly restrict the TR-064 protocol, which allows remote attackers to execute arbitrary commands via TCP port 7547, as demonstrated by opening WAN access to TCP port 80, retrieving the login password (which defaults to the Wi-Fi password), and using the NewNTPServer feature.

metasploit

CVSS scores

CVSS v3.0 9.8 Critical

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0 10.0

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitation status

Exploited in the wild

Recorded 2025-04-22 00:00:00 UTC · Source

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
The Shadowserver (via CIRCL) Apr 28, 2025

Scanner integrations

Scanner Reference Detected
Metasploit https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/tr064_ntpserver_cmdinject.rb Apr 28, 2025

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

tr064_ntpserver_cmdinject

metasploit · Created Unknown

Metasploit module for CVE-2016-10372

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel

  • Detected by Metasploit