CVE-2022-22833

HIGH

Servisnet Tessa 0.0.2 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2022-22833. PoCs published by AkkuS.

AI-analyzed exploit summary This Metasploit module exploits an unauthenticated MQTT credentials dump vulnerability in Servisnet Tessa by extracting hardcoded credentials from a publicly accessible JavaScript file and attempting to authenticate with the MQTT service.

Description

An issue was discovered in Servisnet Tessa 0.0.2. An attacker can obtain sensitive information via a /js/app.js request.

Exploits (2)

exploitdb WORKING POC

by AkkuS · rubywebappsmultiple

https://www.exploit-db.com/exploits/50713

View Code ZIP pw:eip

This Metasploit module exploits an unauthenticated MQTT credentials dump vulnerability in Servisnet Tessa by extracting hardcoded credentials from a publicly accessible JavaScript file and attempting to authenticate with the MQTT service.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Servisnet Tessa

No auth needed

Prerequisites: Network access to the target application · Publicly accessible 'app.js' file

MITRE ATT&CK

T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC

by AkkuS · rubywebappsmultiple

https://www.exploit-db.com/exploits/50712

View Code ZIP pw:eip

This Metasploit module exploits a privilege escalation vulnerability in Servisnet Tessa by leveraging an API endpoint to retrieve user information, including session IDs, and then creating a new admin user with a hardcoded password.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: Servisnet Tessa

Auth required

Prerequisites: Valid low-privilege user credentials · Access to the target application's API endpoints

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1110 - Brute Force

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Product, Vendor Advisory x_refsource_misc

http://www.servisnet.com.tr/en/page/products

Exploit, Third Party Advisory x_refsource_misc

https://pentest.com.tr/exploits/Servisnet-Tessa-MQTT-Credentials-Dump-Unauthenticated.html

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/165867/Servisnet-Tessa-MQTT-Credential-Disclosure.html

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

https://www.exploit-db.com/exploits/50713

Scores

CVSS v3 7.5

EPSS 0.2472

EPSS Percentile 96.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

Status published

Products (1)

servisnet/tessa 0.0.2

Published Feb 06, 2022

Tracked Since Feb 18, 2026