unauth-zwave-mqtt: Unauthenticated ZWave To MQTT Console

漏洞描述

PoC代码[已公开]

id: unauth-zwave-mqtt

info:
  name: Unauthenticated ZWave To MQTT Console
  author: geeknik
  severity: low
  description: ZWave To MQTT Console is exposed.
  reference:
    - https://github.com/OpenZWave/Zwave2Mqtt
  metadata:
    verified: true
    max-request: 1
    shodan-query: title:"ZWave To MQTT"
  tags: misconfig,zwave,mqtt,unauth,vuln

http:
  - method: GET
    path:
      - '{{BaseURL}}'

    matchers-condition: and
    matchers:
      - type: word
        words:
          - 'ZWave To MQTT'
          - 'content="Zwavejs2Mqtt"'
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100c9f0c028a95bb5a0e6317b4cb90c0c3a6eb2b24351f20518fe6e51e4b7536ec50220543aa61404dbbd83b6077dc0051c8df3d043048db59c7fdda5cc1fb5e140e29d:922c64590222798bb761d5b6d8e72950

相关漏洞推荐

• POC CVE-2024-24882: Masteriyo LMS <= 1.7.2 - Unauthenticated Privilege Escalation
• POC grafana-unauth-access: Grafana Unauthenticated Access
• POC CVE-2024-2862: LG LED Assistant - Unauthenticated Password Reset
• POC keycloak-admin-console-config: Keycloak Admin Console Configuration Disclosure
• POC rails-history-exposure: Rails/Ruby Console History - Exposure
• POC jboss-jmx-console-unauth: JBoss JMX Console - Unauthenticated Access
• POC wp-better-wp-security-login-disclosure: WordPress Solid Security < 9.0.1 - Unauthenticated Login Page Disclosure
• POC CVE-2019-17671: WordPress <= 5.2.4 - Unauthenticated View Private/Draft Posts
• POC CVE-2025-34299: Monsta FTP <= 2.11.2 - Unauthenticated Remote Code Execution
• POC unauth-munin: Munin Monitoring Dashboard - Exposure
• POC CVE-2020-11732: Media Library Assistant < 2.82 - Unauthenticated Limited Local File Inclusion
• POC CVE-2021-36888: WordPress Image Hover Ultimate - Unauthenticated Settings Update
• POC CVE-2021-4449: ZoomSounds Plugin - Unauthenticated Arbitrary File Upload