EIP-2026-101412

PRE-CVE

Positron Broadcast Signal Processor TRA7005 v1.20 - Authentication Bypass

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101412. PoCs published by LiquidWorm.

AI-analyzed exploit summary This exploit bypasses authentication on Positron Broadcast TRA7005 by manipulating the password endpoint to set or erase user passwords. It verifies vulnerability by checking for 'TRA7K5' in the device response before sending a crafted POST request.

Description

Positron Broadcast Signal Processor TRA7005 v1.20 - Authentication Bypass

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · pythonremotehardware

https://www.exploit-db.com/exploits/51970

View Code ZIP pw:eip

This exploit bypasses authentication on Positron Broadcast TRA7005 by manipulating the password endpoint to set or erase user passwords. It verifies vulnerability by checking for 'TRA7K5' in the device response before sending a crafted POST request.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Positron Broadcast TRA7005 v1.20 (TRA7K5_REV107, TRA7K5_REV106, TRA7K5_REV104, TRA7K5_REV102)

No auth needed

Prerequisites: Network access to the target device · Knowledge of the target IP and port

MITRE ATT&CK

T1110.001 - Password Guessing T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026