Commit Graph

5 Commits (c05df76ed27ef2ce0607d9f571f6aaedc44509e8)

Author SHA1 Message Date
sullo ef1f7c5e92 Updates across many templates for clarity, spelling, and grammar. 2021-09-05 17:13:45 -04:00
sandeep a7dcd3f317 added more tags 2021-08-08 00:27:18 +05:30
sandeep 3b6d6322ea Additional matcher 2021-08-08 00:22:55 +05:30
sandeep e690901c86 minor update 2021-08-08 00:20:56 +05:30
GwanYeong Kim eadc9b4dac Create kevinlab-hems-backdoor.yaml
The HEMS solution has an undocumented backdoor account and these sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the solution thru the RMI. Attacker could exploit this vulnerability by logging in using the backdoor account with highest privileges for administration and gain full system control. The backdoor user cannot be seen in the users settings in the admin panel and it also uses an undocumented privilege level (admin_pk=1) which allows full availability of the features that the HEMS is offering remotely.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-27 02:48:31 +09:00