EIP-2026-101580

PRE-CVE

Carel pCOWeb HVAC BACnet Gateway 2.1.0 - Directory Traversal

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101580. PoCs published by LiquidWorm.

AI-analyzed exploit summary The exploit demonstrates an unauthenticated directory traversal vulnerability in Carel pCOWeb HVAC BACnet Gateway 2.1.0 via the 'file' parameter in 'logdownload.cgi', allowing arbitrary file disclosure. The provided curl command successfully retrieves '/etc/passwd'.

Description

Carel pCOWeb HVAC BACnet Gateway 2.1.0 - Directory Traversal

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textwebappshardware

https://www.exploit-db.com/exploits/50986

View Code ZIP pw:eip

The exploit demonstrates an unauthenticated directory traversal vulnerability in Carel pCOWeb HVAC BACnet Gateway 2.1.0 via the 'file' parameter in 'logdownload.cgi', allowing arbitrary file disclosure. The provided curl command successfully retrieves '/etc/passwd'.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Carel pCOWeb HVAC BACnet Gateway 2.1.0

No auth needed

Prerequisites: Network access to the target device

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026