CVE-2022-35513

HIGH

Blink1Control2 <= 2.2.7 - Weak Password Encryption

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2022-35513. PoCs published by p1ckzi.

AI-analyzed exploit summary: This exploit decrypts weakly encrypted passwords stored by Blink1Control2 (<= 2.2.7) using a hardcoded salt, password, and AES-192-ECB method. It targets the insecure password storage mechanism exposed via the /blink1/input API endpoint.

Description

The Blink1Control2 application <= 2.2.7 uses weak password encryption and an insecure method of storage.

Exploits (2)

exploitdb WORKING POC
by p1ckzi · javascript · local · multiple
https://www.exploit-db.com/exploits/51014

This exploit decrypts weakly encrypted passwords stored by Blink1Control2 (<= 2.2.7) using a hardcoded salt, password, and AES-192-ECB method. It targets the insecure password storage mechanism exposed via the /blink1/input API endpoint.

Classification: Working PoC 100%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Blink1Control2 <= 2.2.7
No auth needed
Prerequisites: Access to the /blink1/input API endpoint · Ciphertext of the encrypted password
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 2 stars
by p1ckzi · poc
https://github.com/p1ckzi/CVE-2022-35513

This repository provides a functional PoC script to decrypt weakly encrypted passwords stored by blink1control2 (versions <= 2.2.7) via the /blink1/input API endpoint. The exploit leverages insecure encryption methods to reverse ciphertext into plaintext passwords.

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: blink1control2 <= 2.2.7
No auth needed
Prerequisites: Node.js · npm · argparse module · simplecrypt module
devstral-2 · analyzed Feb 18, 2026

References (3)

Core References
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/todbot/Blink1Control2/releases
Exploit, Third Party Advisory x_refsource_misc
https://github.com/p1ckzi/CVE-2022-35513

Scores

CVSS v3 7.5
EPSS 0.0629
EPSS Percentile 91.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE: CWE-327, CWE-922
Status: published
Products (2)
blink1/blink1control2 < 2.2.7
npm/Blink1Control2 0 - 2.2.9 (npm)
Published Sep 07, 2022
Tracked Since Feb 18, 2026