EIP-2026-100927

PRE-CVE

Webgate WebEye - Information Disclosure

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100927. PoCs published by datapath.

AI-analyzed exploit summary This Perl script exploits an information disclosure vulnerability in WebEye video server by accessing the '/admin/wg_user-info.ml' endpoint without authentication, retrieving usernames and passwords. It uses LWP::UserAgent to send an HTTP request with a crafted cookie to extract sensitive data from the response.

Description

Webgate WebEye - Information Disclosure

Exploits (1)

exploitdb WORKING POC VERIFIED

by datapath · perlwebappscgi

https://www.exploit-db.com/exploits/23418

View Code ZIP pw:eip

This Perl script exploits an information disclosure vulnerability in WebEye video server by accessing the '/admin/wg_user-info.ml' endpoint without authentication, retrieving usernames and passwords. It uses LWP::UserAgent to send an HTTP request with a crafted cookie to extract sensitive data from the response.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: WebEye video server

No auth needed

Prerequisites: Network access to the target WebEye server

MITRE ATT&CK

T1592 - Gather Victim Host Information T1087 - Account Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026