CVE-2021-40903

CRITICAL

Antminer Monitor 0.50.0 - Backdoor

Title source: llm

Description

A vulnerability in Antminer Monitor 0.50.0 exists because of backdoor or misconfiguration inside a settings file in flask server. Settings file has a predefined secret string, which would be randomly generated, however it is static.

Exploits (2)

exploitdb WORKING POC

by Vulnz · textwebappsmultiple

https://www.exploit-db.com/exploits/50267

View Code ZIP pw:eip

nomisec WORKING POC 1 stars

by vulnz · poc

https://github.com/vulnz/CVE-2021-40903

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/50267

[Product] https://github.com/anselal/antminer-monitor

[Exploit, Third Party Advisory, VDB Entry] https://packetstormsecurity.com/files/164048/Antminer-Monitor-0.5.0-Authentication-Bypass.html

Scores

CVSS v3 9.8

EPSS 0.1162

EPSS Percentile 93.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-798

Status published

Products (1)

antminer_monitor_project/antminer_monitor 0.50.0

Published Jun 17, 2022

Tracked Since Feb 18, 2026