Unauthenticated ZWave To MQTT Console

By kannthu

Low
Vidoc Module
#misconfig #zwave #mqtt #unauth
Description

The "Unauthenticated ZWave To MQTT Console" module detects a misconfiguration in the ZWave To MQTT software. ZWave To MQTT is software that integrates Z-Wave devices with the MQTT (Message Queuing Telemetry Transport) protocol. This module has a low severity level and was created by an unknown author.

Impact

If the misconfiguration is present in the ZWave To MQTT software, it could lead to unauthorized access to the MQTT console. An attacker could then manipulate or control Z-Wave devices connected to the MQTT network without proper authentication.

How does the module work?

The module works by sending HTTP requests to the target system and matching the responses against predefined conditions. It checks for the presence of specific keywords, such as "ZWave To MQTT" and "content=\"Zwavejs2Mqtt\"", in the response content. Additionally, it verifies that the HTTP response status is 200.

By analyzing the response content and status, the module determines if the ZWave To MQTT software is misconfigured and vulnerable to unauthenticated access.

Here is an example of an HTTP request that the module may send:

GET / HTTP/1.1
Host: example.com
User-Agent: Vidoc-Scanner

The module then evaluates the response to determine if it matches the defined conditions.
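
The matching rule described above can be reproduced offline to see which responses would and would not be reported. This is an added example, not Vidoc's own code: the sample responses are constructed, and case-sensitive matching against the response body only is an assumption.

```python
# Added example: offline re-implementation of the matcher described above.
REQUIRED_WORDS = ("ZWave To MQTT", 'content="Zwavejs2Mqtt"')  # from the page
REQUIRED_STATUS = 200                                          # from the page


def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status_code, body_text)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line = head.split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"malformed status line: {status_line!r}")
    return int(parts[1]), body.decode("utf-8", "replace")


def matches(raw: bytes) -> bool:
    """True only if the status is 200 AND every required word is in the body."""
    try:
        status, body = parse_response(raw)
    except ValueError:
        return False  # not an HTTP response, so nothing to report
    return status == REQUIRED_STATUS and all(w in body for w in REQUIRED_WORDS)


def resp(status_line: str, body: str) -> bytes:
    """Build a constructed sample response (not captured traffic)."""
    return f"HTTP/1.1 {status_line}\r\nContent-Type: text/html\r\n\r\n{body}".encode()


TITLE = "<title>ZWave To MQTT</title>"
META = '<meta name="application-name" content="Zwavejs2Mqtt">'  # constructed tag
SAMPLES = {
    "open_console": resp("200 OK", TITLE + META),
    "redirect_to_login": resp("302 Found", ""),
    "auth_required": resp("401 Unauthorized", TITLE + META),
    "one_word_only": resp("200 OK", TITLE),
    "unrelated_site": resp("200 OK", "<title>Welcome</title>"),
    "not_http": b"not http",
}


def evaluate_samples() -> dict:
    """Run the matcher over every constructed sample."""
    return {name: matches(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, hit in evaluate_samples().items():
        print(f"{name:18} -> {'REPORT' if hit else 'no match'}")
```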

Module preview

Concurrent Requests (0)
Passive global matcher
word: ZWave To MQTT, content="Zwavejs2Mqtt" and
status: 200
On match action
Report vulnerability