Undocumented Backdoor Account Allows Unauthorized System Control in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0

Undocumented Backdoor Account Allows Unauthorized System Control in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0

CVE-2021-37292 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

An Access Control vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 due to an undocumented backdoor account. A malicious user can log in using the backdor account with admin highest privileges and obtain system control.

Learn more about our User Device Pen Test.