Jump to content
  • Hello visitors, welcome to the Hacker World Forum!

    Red Team 1949  (formerly CHT Attack and Defense Team) In this rapidly changing Internet era, we maintain our original intention and create the best community to jointly exchange network technologies. You can obtain hacker attack and defense skills and knowledge in the forum, or you can join our Telegram communication group to discuss and communicate in real time. All kinds of advertisements are prohibited in the forum. Please register as a registered user to check our usage and privacy policy. Thank you for your cooperation.

    TheHackerWorld Official

KevinLAB BEMS 1.0 - Undocumented Backdoor Account


Recommended Posts

# Exploit Title: KevinLAB BEMS 1.0 - Undocumented Backdoor Account
# Date: 05.07.2021
# Exploit Author: LiquidWorm
# Vendor Homepage: http://www.kevinlab.com

Vendor: KevinLAB Inc.
Product web page: http://www.kevinlab.com
Affected version: 4ST L-BEMS 1.0.0 (Building Energy Management System)

Summary: KevinLab is a venture company specialized in IoT, Big Data, A.I based energy
management platform. KevinLAB's BEMS (Building Energy Management System) enables
efficient energy management in buildings. It improves the efficient of energy use
by collecting and analyzing various information of energy usage and facilities in
the building. It also manages energy usage, facility efficiency and indoor environment

Desc: The BEMS solution has an undocumented backdoor account and these sets of
credentials are never exposed to the end-user and cannot be changed through any
normal operation of the solution thru the RMI. Attacker could exploit this
vulnerability by logging in using the backdoor account with highest privileges
for administration and gain full system control. The backdoor user cannot be
seen in the users settings in the admin panel and it also uses an undocumented
privilege level (admin_pk=1) which allows full availability of the features that
the BEMS is offering remotely.

Tested on: Linux CentOS 7
           Apache 2.4.6
           Python 2.7.5
           PHP 5.4.16
           MariaDB 5.5.68

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic

Advisory ID: ZSL-2021-5654
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5654.php



Backdoor accounts from the DB:

Username: kevinlab (permission=1)
Password: kevin003

Username: developer1 (permission=6)
Password: 1234
Link to post
Link to comment
Share on other sites


discussion group

discussion group

    You don't have permission to chat.
    • Recently Browsing   0 members

      • No registered users viewing this page.
    • Create New...