EIP-2026-101337

PRE-CVE

KevinLAB BEMS 1.0 - Undocumented Backdoor Account

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101337. PoCs published by LiquidWorm.

AI-analyzed exploit summary This advisory details an undocumented backdoor account in KevinLAB BEMS 1.0, providing hardcoded credentials with elevated privileges. The vulnerability allows unauthorized access to the system with full administrative control.

Description

KevinLAB BEMS 1.0 - Undocumented Backdoor Account

Exploits (1)

exploitdb WRITEUP

by LiquidWorm · textremotehardware

https://www.exploit-db.com/exploits/50145

View Code ZIP pw:eip

This advisory details an undocumented backdoor account in KevinLAB BEMS 1.0, providing hardcoded credentials with elevated privileges. The vulnerability allows unauthorized access to the system with full administrative control.

Classification

Writeup 100%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: KevinLAB BEMS 1.0.0

No auth needed

Prerequisites: Network access to the BEMS system

MITRE ATT&CK

T1078 - Valid Accounts

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026