EIP-2026-101338

PRE-CVE

Komfy Switch with Camera DKZ-201S/W - WiFi Password Disclosure

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101338. PoCs published by Jason Doyle.

AI-analyzed exploit summary This exploit retrieves the WiFi SSID and password from a D-Link Komfy Switch with Camera via Bluetooth BLE by reading specific UUIDs and decoding a custom base64 variant. It requires physical proximity for Bluetooth communication.

Description

Komfy Switch with Camera DKZ-201S/W - WiFi Password Disclosure

Exploits (1)

exploitdb WORKING POC

by Jason Doyle · pythonremotehardware

https://www.exploit-db.com/exploits/40633

View Code ZIP pw:eip

This exploit retrieves the WiFi SSID and password from a D-Link Komfy Switch with Camera via Bluetooth BLE by reading specific UUIDs and decoding a custom base64 variant. It requires physical proximity for Bluetooth communication.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: D-Link Komfy Switch with Camera (DKZ-201S/W) Firmware 1.0

No auth needed

Prerequisites: Bluetooth 4.0/BLE capability · Physical proximity to the target device · Python with bluepy and gattlib libraries

MITRE ATT&CK

T1003 - OS Credential Dumping T1119 - Automated Collection

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026