id: teslamate-unauth-access info: name: TeslaMate - Unauthenticated Access author: For3stCo1d severity: medium description: | A misconfig in Teslamate allows unauthorized access to /settings endpoint. metadata: max-request: 1 verified: true shodan-query: http.favicon.hash:-1478287554 fofa-query: title="teslamate" tags: misconfig,teslamate,unauth http: - method: GET path: - "{{BaseURL}}/settings" matchers-condition: and matchers: - type: word part: body words: - "Settings ยท TeslaMate" - "URLs" condition: and - type: status status: - 200 extractors: - type: regex part: body group: 1 regex: - "([0-9.]+)"