EIP-2026-100764

PRE-CVE

C2S DVR Management IRDOME-II-C2S / IRBOX-II-C2S / DVR - Credentials Disclosure / Authentication Bypass

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100764. PoCs published by Yakir Wizman.

AI-analyzed exploit summary The advisory details a credentials disclosure and authentication bypass vulnerability in C2S DVR devices. It provides specific URLs and parameters to exploit these issues, including unauthenticated access to sensitive configuration data and password change functionality.

Description

C2S DVR Management IRDOME-II-C2S / IRBOX-II-C2S / DVR - Credentials Disclosure / Authentication Bypass

Exploits (1)

exploitdb WRITEUP

by Yakir Wizman · textwebappscgi

https://www.exploit-db.com/exploits/40265

View Code ZIP pw:eip

The advisory details a credentials disclosure and authentication bypass vulnerability in C2S DVR devices. It provides specific URLs and parameters to exploit these issues, including unauthenticated access to sensitive configuration data and password change functionality.

Classification

Writeup 90%

Attack Type

Info Leak | Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: C2S DVR Management (IRDOME-II-C2S, IRBOX-II-C2S, DVR)

No auth needed

Prerequisites: Network access to the target device · Target device must be running vulnerable C2S DVR software

MITRE ATT&CK

T1552 - Unsecured Credentials T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026