EIP-2026-101537

PRE-CVE

AUO Solar Data Recorder < 1.3.0 - Incorrect Access Control

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101537. PoCs published by Luca.Chiou.

AI-analyzed exploit summary This exploit describes an incorrect access control vulnerability in AUO Solar Data Recorder where plaintext credentials are exposed in the WWW-Authenticate header when accessing files under the /protect/ path. Attackers can use these credentials to bypass authentication.

Description

AUO Solar Data Recorder < 1.3.0 - Incorrect Access Control

Exploits (1)

exploitdb WRITEUP

by Luca.Chiou · textwebappshardware

https://www.exploit-db.com/exploits/46957

View Code ZIP pw:eip

This exploit describes an incorrect access control vulnerability in AUO Solar Data Recorder where plaintext credentials are exposed in the WWW-Authenticate header when accessing files under the /protect/ path. Attackers can use these credentials to bypass authentication.

Classification

Writeup 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: AUO Solar Data Recorder all versions prior to v1.3.0

No auth needed

Prerequisites: Network access to the target device

MITRE ATT&CK

T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026