NOMISEC-9lyph/CVE-2022-43704

NOMISEC WORKING POC
Exploit for CVE-2022-43704 - Sinilink XY-WFT1 WiFi Remote Thermostat <1.3.6 - Auth Bypass
AI Analysis

This repository contains a Python-based PoC for CVE-2022-43704, which exploits an authentication bypass via capture-replay in the Sinilink XY-WFTX WiFi Remote Thermostat. The exploit leverages UDP communication to retrieve device info and send malicious payloads to control the relay without authentication.

Attack Type: auth_bypass
Complexity: moderate
Reliability: reliable
MITRE ATT&CK:
- T1557 - Adversary-in-the-Middle
- T1562.001 - Disable or Modify Tools
Source
Platform: Nomisec
Type: poc
Files: 10
Stars: 5
Forks: 2
Last Push: Oct 04, 2024
Vulnerability
CVE-2022-43704
Sinilink XY-WFT1 WiFi Remote Thermostat <1.3.6 - Auth Bypass
Severity: MEDIUM
CVSS: 5.9