NIBE Heat Pump RCE and LFI

Disclosed in this post.

Remote code execution exploit

Description: Exploits an input validation problem which allows remote code execution in /cgi-bin/exec.cgi
Language: Python
Download

Local file inclusion exploit

Description: Exploits an input validation problem which allows local file inclusion in /cgi-bin/read.cgi
Language: Python
Download