EIP-2026-101713

PRE-CVE

Eltek SmartPack - Backdoor Account

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101713. PoCs published by Saeed reza Zamanian.

AI-analyzed exploit summary This writeup describes a backdoor account vulnerability in Eltek SmartPack where predefined user credentials are exposed in JSON files accessible via unauthenticated HTTP requests. The credentials are hashed with MD5, which can be cracked to obtain plaintext passwords.

Description

Eltek SmartPack - Backdoor Account

Exploits (1)

exploitdb WRITEUP

by Saeed reza Zamanian · textwebappshardware

https://www.exploit-db.com/exploits/42252

View Code ZIP pw:eip

This writeup describes a backdoor account vulnerability in Eltek SmartPack where predefined user credentials are exposed in JSON files accessible via unauthenticated HTTP requests. The credentials are hashed with MD5, which can be cracked to obtain plaintext passwords.

Classification

Writeup 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Eltek SmartPack

No auth needed

Prerequisites: Network access to the target device · Ability to send HTTP requests to the device

MITRE ATT&CK

T1110.001 - Password Guessing T1552.001 - Credentials In Files

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026