CVE-2023-27823
Published 2023-05-12

CVE-2023-27823: An authentication bypass in Optoma 1080PSTX C02 allows an attacker to access the administration console without valid credentials.
Priority: P1 · 81 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 49.83% (98.8th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| optoma | 1080pstx | — | — |
Detection & IOCs (extracted from sources)
- Detect unauthenticated access to the Optoma 1080PSTX admin panel by looking for HTTP requests to /index.asp containing the cookie 'atop=1' without a prior authenticated session.
- Monitor HTTP GET requests to /index.asp on projector/embedded device hosts that include 'Cookie: atop=1' in the request headers.
- The authentication bypass is only exploitable by an attacker on the same network as the device (local network access required).
- The vulnerability affects Optoma 1080PSTX specifically running Firmware version C02; other firmware versions are not confirmed affected.
No detection rules found.
No writeups or analysis indexed.