EIP-2026-101522

PRE-CVE

Apexis IP CAM - Information Disclosure

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101522. PoCs published by Sunplace Solutions.

AI-analyzed exploit summary This exploit demonstrates an information disclosure vulnerability in Apexis IP cameras by accessing sensitive CGI endpoints without authentication. The Perl script automates the retrieval of credentials and configuration details via HTTP requests to exposed CGI scripts.

Description

Apexis IP CAM - Information Disclosure

Exploits (1)

exploitdb WORKING POC VERIFIED

by Sunplace Solutions · textwebappshardware

https://www.exploit-db.com/exploits/37298

View Code ZIP pw:eip

This exploit demonstrates an information disclosure vulnerability in Apexis IP cameras by accessing sensitive CGI endpoints without authentication. The Perl script automates the retrieval of credentials and configuration details via HTTP requests to exposed CGI scripts.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Apexis IP CAM (models: APM-H602-MPC, APM-H803-MPC, APM-H901-MPC, APM-H501-MPC, APM-H403-MPC, APM-H804)

No auth needed

Prerequisites: Network access to the vulnerable IP camera · Exposed CGI endpoints (e.g., /cgi-bin/get_tutk_account.cgi)

MITRE ATT&CK

T1592 - Gather Victim Host Information T1082 - System Information Discovery

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026