This exploit targets a command injection vulnerability in the NIBE heat pump web interface, allowing remote command execution via a crafted HTTP request to the `/cgi-bin/exec.cgi` endpoint. It includes fingerprinting to confirm the target and supports basic authentication.
Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target:NIBE heat pump web interface (version unspecified)
Auth required
Prerequisites:Network access to the target device · Valid credentials (default: admin:admin)