⚠️ In Aug. 2025, Rapid7 found #TwonkyServer susceptible to multiple vulns – granting unauthenticated attackers plaintext admin credentials, full admin access to the instance & control of all stored media files.
At the time of publication, these vulns have not been patched. Read on: r-7.co/4a0JiuU
🎤👾 Introducing Hacktics and Telemetry, a bi-weekly video and audio podcast out of Rapid7 Labs, starring Rapid7's Doug McKee (fulmetalpackets) & Jonah Burgess (@cryptocat.me)!
🧵 Find episode 1's companion blog here: r-7.co/4di8tuH
▶️ Or dive right into the full vid on YouTube: r-7.co/3NiQfP2
We now have a (draft) @metasploit-r7.bsky.social exploit module for the recent Fortinet FortiWeb vulns, chaining CVE-2025-64446 (auth bypass) + CVE-2025-58034 (command injection) to achieve unauthenticated RCE with root privileges: github.com/rapid7/metas...
We posted our AttackerKB @rapid7.com Analysis of the new EITW FortiWeb command injection vuln, CVE-2025-58034. The patch fixes several command injections, so we reproduced the SAML config name injection, and popped a reverse root shell 🎯 Full details here: attackerkb.com/topics/zClpI...
Check out the analysis by @cryptocat.me for CVE-2026-20127 in Cisco SD WAN. That other PoC posted last week exploits a totally different bug that doesn't match the reported IOCs (some kind of file upload due to path traversal in vManage maybe). We assess with high confidence this is CVE-2026-20127 🔥
We just published our @rapid7.com analysis of CVE-2026-1731, a critical command injection affecting BeyondTrust Privileged Remote Access (PRA) & Remote Support (RS). Unauthenticated RCE, with a root cause due to Bash arithmetic evaluation. Analysis/PoC here: attackerkb.com/topics/jNMBc...
New @metasploit-r7.bsky.social aux module in the pull queue for the FortiWeb vuln (no CVE at this time). Based on the PoC captured and posted by Defused, it leverages an auth bypass to create a new local admin account on the target: github.com/rapid7/metas...
Rapid7
We have disclosed CVE-2026-2329, a critical unauth stack-based buffer overflow vuln affecting the Grandstream GXP1600 series of VoIP phones. Read our disclosure on the @rapid7.com blog, including technical details for unauth RCE, and accompanying @metasploit-r7.bsky.social modules: r-7.co/4tIzope
Stephen Fewer
We just published our AttackerKB @rapid7.com analysis of CVE-2025-12480. Disclosed yesterday, but patched back in July, it's an access control bypass affecting not only Gladinet Triofox, but as we show, also Gladinet CentreStack. Full analysis & RCE details here: attackerkb.com/topics/5C4wR...
New episode of the @rapid7.com podcast! 👀
@stephenfewer.bsky.social joins @fulmetalpackets.bsky.social and me to talk about the latest SD-WAN auth bypass - available now in the Metasploit framework 😎
www.youtube.com/watch?v=tg4T...
Rapid7 has identified two vulnerabilities that facilitate administrator authentication bypass in Twonky Server, a media solution.
On February 6, 2026, BeyondTrust published an advisory for a new critical command injection vulnerability, CVE-2026-1731, affecting their products Remote Suppo…
🚨 CVE-2026-20127: Cisco SD-WAN authentication bypass. An unauthenticated attacker can inject SSH keys without crypto verification via a flawed state machine. Active exploitation by UAT-8616 since 2023 💀
Check out the full @rapid7.com analysis 👇
attackerkb.com/topics/bP3FM...
CryptoCat
Overview: On 25th February 2026, Cisco published an advisory for CVE-2026-20127, a critical authentication bypass vulnerability in the vdaemon service of Cis…