CVE-2020-29667

CRITICAL

Lan ATMService M3 ATM Monitoring System 6.1.0 - Info Disclosure

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-29667. PoCs published by jet-pentest.

AI-analyzed exploit summary: The repository describes CVE-2020-29667, an insufficient session expiration vulnerability in Lan ATMService M3 ATM Monitoring System 6.1.0, where a predefined cookie value (PHPSESSID=LANIT-IMANAGER) allows remote attackers to control the system and operate ATM machines. The README provides technical details about the vulnerability, affected components, and attack vectors.

Description

In Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration.

Exploits (1)

nomisec WRITEUP 1 stars
by jet-pentest · poc
https://github.com/jet-pentest/CVE-2020-29667

Classification
Classification: Writeup 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Lan ATMService M3 ATM Monitoring System 6.1.0
No auth needed
Prerequisites: Access to the target system's web interface
devstral-2 · analyzed Feb 19, 2026

References (2)

Core References
Vendor Advisory (x_refsource_misc): http://lanatmservice.ru/
Third Party Advisory (x_refsource_misc): https://github.com/jet-pentest/CVE-2020-29667

Scores

CVSS v3 9.8
EPSS 0.0319
EPSS Percentile 86.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-613
Status published
Products (1)
lanatmservice/m3_atm_monitoring_system 6.1.0
Published Dec 10, 2020
Tracked Since Feb 18, 2026