## https://sploitus.com/exploit?id=7D4CBE6B-5EED-5852-9418-05EE9D4EEDF1
## ๐ค Author
**Mohammed Idrees Banyamer**
- ๐ **Country:** Jordan
- ๐ธ **Instagram:** [@banyamer_security](https://instagram.com/banyamer_security)
---






**Proof-of-Concept exploit for CVE-2026-26235** - Unauthenticated Denial of Service via missing authentication in **JUNG Smart Visu Server โค 1.1.1050**.
---
## ๐จ Vulnerability Description
**CVE-2026-26235** is an unauthenticated denial of service vulnerability in **JUNG Smart Visu Server** versions โค 1.1.1050. The product fails to implement authentication for critical system management functions, allowing remote attackers to reboot or shut down the server with a single POST request.
The endpoints `/cgi-bin/reboot.sh` and `/cgi-bin/shutdown.sh` are exposed without any authentication checks. No session tokens, API keys, or credentials are required to trigger these system-level commands.
This allows:
- **Unauthenticated system reboot/shutdown**
- **No user interaction required**
- **Complete service disruption**
- **Persistent denial of service**
---
## ๐ฏ Affected Versions
| Status | Version |
|--------|---------|
| โ **Vulnerable** | JUNG Smart Visu Server โค 1.1.1050 |
| โ **Patched** | Not yet released |
**Tested on:** JUNG Smart Visu Server 1.1.1050, Embedded Linux
---
## ๐ฅ Impact
| Vector | Description |
|--------|-------------|
| **CVSS v4** | 8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
| **Authentication** | None - Completely unauthenticated |
| **Attack Vector** | Network |
| **Complexity** | Low |
| **Impact** | High Availability Impact |
---
## ๐ฌ Technical Details
### Root Cause
1. **Missing authentication** - CWE-306: The product does not perform any authentication for critical system functions
2. **Exposed CGI endpoints** - `/cgi-bin/reboot.sh` and `/cgi-bin/shutdown.sh` are publicly accessible
3. **No session validation** - No cookie, token, or credential verification occurs
4. **Direct system command execution** - CGI scripts execute system reboot/shutdown commands without privilege checks
### Vulnerability Flow
```
Attacker โ POST /cgi-bin/reboot.sh โ No Authentication Check โ System Reboot โ DoS
Attacker โ POST /cgi-bin/shutdown.sh โ No Authentication Check โ System Shutdown โ DoS
```
---
## ๐ ๏ธ Proof of Concept
### Python Exploit Script
```python
#!/usr/bin/env python3
# Exploit Title: JUNG Smart Visu Server - Unauthenticated Remote Reboot/Shutdown
# CVE: CVE-2026-26235
# Date: 2026-02-12
# Exploit Author: Mohammed Idrees Banyamer
# Author Country: Jordan
# Instagram: @banyamer_security
# Author GitHub: https://github.com/banyamer-security
# Vendor Homepage: https://www.jung.de
# Software Link: https://www.jung.de/smart-visu-server
# Vulnerable: JUNG Smart Visu Server
Responsible Disclosure โข Security Research โข CVE-2026-26235