CVE-2021-3130

MEDIUM

Open-AudIT <3.5.3 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2021-3130. PoCs published by jet-pentest, lusterx.

AI-analyzed exploit summary: Of the two tracked repositories, only jet-pentest's concerns this issue. It is a writeup, not a runnable exploit, describing how Open-AudIT up to version 3.5.3 hides SSH secrets, Windows passwords, and SNMP strings behind HTML password fields and how browser developer tools reveal them; it references the vendor. The lusterx repository, despite its name, contains a Laravel CVE-2021-3129 exploit (see the Exploits section).

Description

Within the Open-AudIT application up to version 3.5.3, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users using HTML 'password field' obfuscation only: the stored secret is sent to the browser in the field's value, and the browser merely renders it as dots. By using browser developer tools or similar, it is possible to change the field type (or read the value attribute directly) so that the credentials are visible to anyone who can load the page.
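The point above in working code, as an added example that is not part of this page or of the Open-AudIT project: the HTML fragment, field names and sample secrets below are constructed for illustration, not taken from the product. The first function does what an attacker does in developer tools (read the value of every password-typed input, or equivalently flip its type to text); the second is the response-body check an auditor can run on a raw HTML response; the third shows the hardened rendering, which never places the stored secret in the response at all.

```javascript
// Added example, not from the page or the Open-AudIT project.
// Constructed HTML modelled on a credentials edit form that puts the stored
// secret into the value attribute of a type="password" input (the pattern
// CVE-2021-3130 describes). Names and values are made up.
const SAMPLE_FORM = `
<form id="credentials">
  <input type="text" name="ssh_user" value="audit">
  <input type="password" name="ssh_password" value="s3cr3t-ssh">
  <input type='password' name='windows_password' value='W1nd0ws!'>
  <input type="password" name="snmp_community" value="public-ro">
  <input type="password" name="new_password" placeholder="leave blank to keep">
</form>`;

// Parse every <input ...> tag into an attribute map (double- or single-quoted
// attribute values). Good enough for form markup; not a general HTML parser.
function parseInputs(html) {
  const inputs = [];
  const tagRe = /<input\b([^>]*)>/gi;
  const attrRe = /([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)')/g;
  let tag;
  while ((tag = tagRe.exec(html)) !== null) {
    const attrs = {};
    let a;
    while ((a = attrRe.exec(tag[1])) !== null) {
      attrs[a[1].toLowerCase()] = a[2] !== undefined ? a[2] : a[3];
    }
    inputs.push(attrs);
  }
  return inputs;
}

// What the attacker does in devtools: the secret is already in the DOM, so
// reading it needs no "de-obfuscation", only looking at the value attribute.
// Browser-console equivalent (assumed, for the live page):
//   Array.from(document.querySelectorAll('input[type=password]'))
//        .map(i => [i.name, i.value])
function revealPasswordFields(html) {
  return parseInputs(html)
    .filter(i => (i.type || '').toLowerCase() === 'password'
              && typeof i.value === 'string' && i.value.length > 0)
    .map(i => ({ name: i.name, value: i.value }));
}

// Audit check on a raw response body: does the page ship any pre-filled
// password field? True means a stored secret is being sent to the client.
function leaksStoredSecrets(html) {
  return revealPasswordFields(html).length > 0;
}

// Hardened rendering: never emit the stored secret. The field is blank and
// the server keeps the existing value when the submitted field is empty.
// This is the fix the password-field "obfuscation" was standing in for.
function renderSecretField(name) {
  return `<input type="password" name="${name}" value="" autocomplete="new-password">`;
}

// Rewrite a vulnerable form into the hardened shape: strip the value of
// every password-typed input while leaving other fields untouched.
function stripSecretValues(html) {
  return html.replace(/<input\b[^>]*>/gi, tag => {
    const attrs = parseInputs(tag)[0] || {};
    if ((attrs.type || '').toLowerCase() !== 'password') return tag;
    return tag.replace(/\svalue\s*=\s*(?:"[^"]*"|'[^']*')/i, ' value=""');
  });
}
```

Run it against a saved copy of the credentials page rather than the live site: `leaksStoredSecrets(body)` returning true is the whole finding, and the vendor-side fix is the blank-field rendering, not a different client-side disguise.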

Exploits (2)

nomisec WRITEUP 1 star
by jet-pentest · poc
https://github.com/jet-pentest/CVE-2021-3130

The repository describes an insufficiently protected credentials vulnerability in Open-AudIT up to version 3.5.3, where SSH secrets, Windows passwords, and SNMP strings are obfuscated via HTML password fields but can be revealed using browser developer tools. The writeup provides a clear technical description of the issue and references the vendor.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Open-AudIT up to 3.5.3
Auth required
Prerequisites: Access to the Open-AudIT web interface · Browser developer tools or similar inspection capabilities
devstral-2 · analyzed Feb 18, 2026
nomisec WORKING POC
by lusterx · poc
https://github.com/lusterx/CVE-2021-3130

Despite the repository name, the analyzed content is a functional exploit for CVE-2021-3129, an unauthenticated RCE in Laravel <8.4.2 when debug mode is enabled, and not for CVE-2021-3130 or Open-AudIT. The exploit leverages deserialization via PHPGGC to achieve remote command execution. Treat it as misfiled under this CVE.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Laravel <8.4.2
No auth needed
Prerequisites: Laravel in debug mode · PHPGGC tool
devstral-2 · analyzed Mar 07, 2026


Scores

CVSS v3 5.9
EPSS 0.0132
EPSS Percentile 67.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

Status published
Products (1)
opmantek/open-audit < 4.0.2
Published Jan 20, 2021
Tracked Since Feb 18, 2026