10 matches found
CVE-2019-7276
Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console...
Optergy Proton and Enterprise BMS Command Injection using a backdoor
This module exploits an undocumented backdoor vulnerability in the Optergy Proton and Enterprise Building Management System BMS applications. Versions 2.0.3a and below are vulnerable. Attackers can exploit this issue by directly navigating to an undocumented backdoor script called Console.jsp in...
Optergy Proton And Enterprise BMS 2.0.3a Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Optergy Proton and Enterprise BMS Command Injection using a backdoor', 'Description' = %q This module exploits an undocumented backdoor...
Optergy Proton And Enterprise BMS 2.0.3a Command Injection Exploit
This Metasploit module exploits an undocumented backdoor vulnerability in the Optergy Proton and Enterprise Building Management System BMS applications. Versions 2.0.3a and below are vulnerable. Attackers can exploit this issue by directly navigating to an undocumented backdoor script called...
CVE-2019-7276
creationtimestamp| type| source ---|---|--- 2020-10-15 15:07:04+00:00| seen| MISP/cbd9bbb3-3f53-4610-9d91-9191ff0a9ca8 2020-10-16 06:56:57+00:00| seen| MISP/25aef508-b116-4d75-84b2-b6ceff906e44 2023-03-29 14:49:46+00:00| seen|...
Optergy 2.3.0a - Remote Code Execution (Backdoor)
Optergy 2.3.0a - Remote Code Execution Backdoor Title: Optergy 2.3.0a - Remote Code Execution Author: LiquidWorm Date: 2019-11-05 Vendor: https://optergy.com/ Product web page: https://optergy.com/products/ Affected version: \n' sys.exit while True: challengeurl =...
Optergy BMS 2.0.3a Remote Root
!/usr/bin/env python Unauthenticated Remote Root Exploit in Optergy BMS Console Backdoor Affected version \n' sys.exit while True: challengeurl = 'http://'+sys.argv1+'/tools/ajax/ConsoleResult.html?get' try: req1 = requests.getchallengeurl getchallenge = json.loadsreq1.text challenge =...
Optergy 2.3.0a - Remote Code Execution (Backdoor) Exploit
Exploit for hardware platform in category web applications Title: Optergy 2.3.0a - Remote Code Execution Author: LiquidWorm Vendor: https://optergy.com/ Product web page: https://optergy.com/products/ Affected version: \n' sys.exit while True: challengeurl =...
CVE-2019-7276
Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console...
CVE-2019-7276
Optergy Proton/Enterprise BMS is affected by CVE-2019-7276: unauthenticated remote code execution via a backdoor console. Public details show an undocumented backdoor script (Console.jsp) in the tools directory that enables full root access on vulnerable versions (notably 2.0.3a and earlier). Exp...