CVE-2020-14930

HIGH

BT CTROMS Terminal OS Port Portal CT-464 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-14930. PoCs published by AkkuS.

AI-analyzed exploit summary This Metasploit module exploits an authentication bypass in CTROMS Terminal OS by abusing a password reset verification code disclosure vulnerability. It resets the password for a specified user by extracting the verification code and cookie values from the server's response.

Description

An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. Account takeover can occur because the password-reset feature discloses the verification token. Upon a getverificationcode.jsp request, this token is transmitted not only to the registered phone number of the user account, but is also transmitted to the unauthenticated HTTP client.

Exploits (1)

exploitdb WORKING POC
by AkkuS · textremotelinux
https://www.exploit-db.com/exploits/48196

This Metasploit module exploits an authentication bypass in CTROMS Terminal OS by abusing a password reset verification code disclosure vulnerability. It resets the password for a specified user by extracting the verification code and cookie values from the server's response.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: CTROMS Terminal OS
No auth needed
Prerequisites: Known username · Network access to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/48196

Scores

CVSS v3 8.1
EPSS 0.0336
EPSS Percentile 87.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-319 CWE-522
Status published
Products (1)
bt_ctroms_terminal_project/bt_ctroms_terminal
Published Jun 19, 2020
Tracked Since Feb 18, 2026