in ,

pfBlockerNG Unauth RCE Vulnerability – IHTeam Security Blog

IHTeam undertook an independent security assessment of pfsense’s pfBlockerNG plugin version 2.1.4_26 and identified the RCE vulnerability. 


  • Unauthenticated Remote Command Execution as root (CVE-2022-31814)

IHTeam identified a remote command execution vulnerability in pfBlockerNG <= 2.1.4_26 that can be exploited from an unauthenticated perspective.

Being the web server run by the root user, the impact of this vulnerability is critical, with a CVSS 3.0 score of 9.8


Get the exploit 

This post was created with our nice and easy submission form. Create your post!

What do you think?

Posted by SH

Leave a Reply

Your email address will not be published. Required fields are marked *

GIPHY App Key not set. Please check settings

Unauthenticated Blind SSRF Flaw in WordPress Core

23 year old Denial of Service bug in Curl