EIP-2026-101993

PRE-CVE

Sielco Analog FM Transmitter 2.12 - 'id' Cookie Brute Force Session Hijacking

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101993. PoCs published by LiquidWorm.

AI-analyzed exploit summary The exploit describes a session hijacking vulnerability in Sielco Analog FM Transmitter due to insufficient session ID length, allowing brute force attacks to bypass authentication. It lists affected versions and provides example session IDs but lacks executable code.

Description

Sielco Analog FM Transmitter 2.12 - 'id' Cookie Brute Force Session Hijacking

Exploits (1)

exploitdb WRITEUP

by LiquidWorm · textwebappshardware

https://www.exploit-db.com/exploits/51363

View Code ZIP pw:eip

The exploit describes a session hijacking vulnerability in Sielco Analog FM Transmitter due to insufficient session ID length, allowing brute force attacks to bypass authentication. It lists affected versions and provides example session IDs but lacks executable code.

Classification

Writeup 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Theoretical

Target: Sielco Analog FM Transmitter (versions 2.12, 2.11, 2.10, 2.08, 2.07, 2.06, 1.7.7, 1.7.4, 1.6.3, 1.5.4)

No auth needed

Prerequisites: network access to the target device

MITRE ATT&CK

T1110 - Brute Force

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026