An issue was discovered in NJHYST HY511 POE core before 2.1 and plugins before 0.1. The vulnerability stems from the device's insufficient cookie verification, allowing an attacker to directly request the configuration file address and download the core configuration file without logging into the device management backend. By reading the corresponding username and self-decrypted MD5 password in the core configuration file, the attacker can directly log in to the backend, thereby bypassing the front-end backend login page.
The vulnerability results from insufficient cookie verification (CWE-565) in the device software. An attacker can directly send an HTTP request to the configuration file address without prior login to the management panel. The downloaded configuration file contains usernames and passwords in MD5 hash format, which can be decrypted. With credentials in hand, the attacker can log in to the administrative panel, completely bypassing the authentication mechanism at the interface level.
The attacker gains full, unauthorized access to the device's administrative panel, enabling them to read and modify configuration, take control of the device, and potentially perform further actions on the local network.
Update NJHYST HY511 POE core software to version 2.1 or newer and plugins to version 0.1 or newer. Until the patch is deployed, it is recommended to restrict access to the device management interface exclusively to trusted IP addresses through firewall or network segmentation.
NJHYST HY511 POE core in versions before 2.1 and plugins in versions before 0.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HNjhyst Hy511
HWNjhystwszystkie wersjeNjhyst Hy511 Firmware
OSNjhyst< 2.1