EIP-2026-102115

This writeup details an undocumented backdoor account in WEMS BEMS 21.3.1, including hardcoded credentials and a Base64-encoded backdoor user with privilege level 3. It provides authentication bypass details and steps to exploit the vulnerability via HTTP GET requests.