EIP-2026-102092

PRE-CVE

Uniview NVR - Password Disclosure

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102092. PoCs published by B1t.

AI-analyzed exploit summary This Python script exploits an authentication bypass vulnerability in Uniview NVR devices to remotely disclose user passwords. It retrieves the configuration file via an unauthenticated request to 'main-cgi' and decodes reversible password strings using a custom mapping.

Description

Uniview NVR - Password Disclosure

Exploits (1)

exploitdb WORKING POC

by B1t · pythonwebappshardware

https://www.exploit-db.com/exploits/42150

View Code ZIP pw:eip

This Python script exploits an authentication bypass vulnerability in Uniview NVR devices to remotely disclose user passwords. It retrieves the configuration file via an unauthenticated request to 'main-cgi' and decodes reversible password strings using a custom mapping.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Uniview NVR (tested on NVR304-16E, NVR301-08-P8 with software versions B3118P26C00510, B3218P26C00512, B3220P11)

No auth needed

Prerequisites: Network access to the Uniview NVR web interface

MITRE ATT&CK

T1552.001 - Credentials In Files T1110 - Brute Force

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026