KevinLAB BEMS version 1.0 has an undocumented backdoor account and the sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the solution thru the RMI. Attacker could exploit this vulnerability by logging in using the backdoor account with highest privileges for administration and gain full system control. The backdoor user cannot be seen in the users settings in the admin panel and it also uses an undocumented privilege level (admin_pk=1) which allows full availability of the features that the BEMS is offering remotely.
You May Also Like
Trixbox 2.8.0.4 Remote Code Execution
Trixbox version 2.8.0.4 has an OS command injection vulnerability that can be…
- cybersecurityredflag_sdevzw
- May 28, 2021
Online Traffic Offense Management System 1.0 SQL Injection
Online Traffic Offense Management System version 1.0 suffers from a remote SQL…
- cybersecurityredflag_sdevzw
- August 20, 2021
Sticky Notes And Color Widgets 1.4.2 Denial Of Service
Sticky Notes and Color Widgets version 1.4.2 suffers from a denial of…
- cybersecurityredflag_sdevzw
- June 7, 2021
KnFTP Server 1.0.0 Denial Of Service
KnFTP Server version 1.0.0 LIST denial of service proof of concept exploit.
- cybersecurityredflag_sdevzw
- June 14, 2021