EIP-2026-101850

PRE-CVE

MOBOTIX Video Security Cameras - Cross-Site Request Forgery (Add Admin)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101850. PoCs published by LiquidWorm.

AI-analyzed exploit summary This exploit demonstrates a CSRF vulnerability in MOBOTIX video security cameras, allowing an attacker to add an admin user or modify group permissions via crafted HTTP POST requests. The PoC includes functional HTML forms that submit malicious requests to the target device's admin interface.

Description

MOBOTIX Video Security Cameras - Cross-Site Request Forgery (Add Admin)

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · htmlwebappshardware

https://www.exploit-db.com/exploits/39641

View Code ZIP pw:eip

This exploit demonstrates a CSRF vulnerability in MOBOTIX video security cameras, allowing an attacker to add an admin user or modify group permissions via crafted HTTP POST requests. The PoC includes functional HTML forms that submit malicious requests to the target device's admin interface.

Classification

Working Poc 100%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: MOBOTIX Video Security Cameras (MX-V3.5.2.23.r3, MX-V4.1.10.28, MX-V4.1.4.70, MX-V4.3.4.50)

No auth needed

Prerequisites: Victim must be authenticated and visit a malicious webpage

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026