EIP-2026-100074

PRE-CVE

Magic Home Pro 1.5.1 - Authentication Bypass

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100074. PoCs published by Victor Hanna.

AI-analyzed exploit summary This exploit demonstrates an authentication bypass vulnerability in Magic Home Pro 1.5.1 by forging tokens and sending crafted commands to control devices. It includes functionality to enumerate MAC addresses and toggle device states (on/off).

Description

Magic Home Pro 1.5.1 - Authentication Bypass

Exploits (1)

exploitdb WORKING POC

by Victor Hanna · pythonwebappsandroid

https://www.exploit-db.com/exploits/49266

View Code ZIP pw:eip

This exploit demonstrates an authentication bypass vulnerability in Magic Home Pro 1.5.1 by forging tokens and sending crafted commands to control devices. It includes functionality to enumerate MAC addresses and toggle device states (on/off).

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: Magic Home Pro 1.5.1

No auth needed

Prerequisites: Valid email/username and password for initial authentication · Network access to the target API endpoints

MITRE ATT&CK

T1110 - Brute Force T1078 - Valid Accounts

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026