Published: 07/09/2022 Updated: 08/08/2023

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 0

The Blink1Control2 application <= 2.2.7 uses weak password encryption and an insecure method of storage.

Vulnerable Product	Search on Vulmon	Subscribe to Product
blink1 blink1control2

Blink1Control2 version 227 suffers from a weak password encryption vulnerability ...

IoTPene CVE-IDおよびExploitDB-ID (EID)を指定することで，対応したPoCの実行環境(Dockerコンテナ)を自動で構築するツール PoCの実行に必要なプログラミング言語の実行環境とPoCで使用されるモジュールを自動でインストールすることにより，PoCのテストやペネトレーションテストを補助します

CVE-2022-35513 | blink1-pass-decrypt

blink1-pass-decrypt ⭐ poc and simple script designed for reversing the ciphertext found at /blink/input of the api server in blink1control2 installations (versions <=227) the exploit - CVE-2022-35513 ❗ the blink1control2 app utilises weak password encryption and an insecure method of storage which can be found by accessing the /blink1/input url of the api server

CWE-327 CWE-922 https://github.com/todbot/Blink1Control2/releases https://github.com/p1ckzi/CVE-2022-35513 http://packetstormsecurity.com/files/168428/Blink1Control2-2.2.7-Weak-Password-Encryption.html https://nvd.nist.gov https://github.com/security-anthem/IoTPene https://github.com/p1ckzi/CVE-2022-35513 https://packetstormsecurity.com/files/168428/Blink1Control2-2.2.7-Weak-Password-Encryption.html

CVE-2022-35513

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect