A critical vulnerability has been discovered in multiple NJHYST products that allows an unauthenticated attacker to completely bypass the device's login mechanism. By directly accessing a configuration file, an attacker can retrieve administrative credentials and gain full control over the device, posing a severe risk to network security and operational integrity.

The vulnerability is an authentication bypass caused by insufficient cookie verification on the device's web management interface. An unauthenticated remote attacker can exploit this flaw by sending a direct HTTP request to the URL of the device's core configuration file. As the system does not properly validate the user's session, it grants access to the file, which contains sensitive information including the administrator username and a decryptable MD5 password hash. The attacker can then use these recovered credentials to log in to the device's management backend with full administrative privileges.

This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation leads to a complete compromise of the affected NJHYST device. An attacker with administrative access could reconfigure the device, disrupt network traffic, monitor communications, disable security features, or use the compromised device as a pivot point to launch further attacks against the internal network. This presents a significant risk to data confidentiality, network availability, and the overall security posture of the organization.

Immediate Action: Immediately apply the security updates provided by the vendor. Update the NJHYST HY511 POE core to version 2.1 or later and all associated plugins to version 0.1 or later to remediate this vulnerability.

Proactive Monitoring: Review web server and device access logs for any direct, unauthenticated requests to configuration file paths. Monitor for unusual login activity, especially from untrusted or unexpected IP addresses. Implement alerts for any unauthorized configuration changes on the devices.

Compensating Controls: If patching cannot be performed immediately, restrict network access to the device's management interface. Use a firewall or network access control lists (ACLs) to ensure that the interface is only accessible from a secure, isolated management network or specific, trusted administrator IP addresses.

Public Exploit Available: false

Due to the critical severity (CVSS 9.8) and the ease of exploitation that allows for a complete system takeover without authentication, immediate action is required. We strongly recommend that organizations identify all affected NJHYST devices within their environment and prioritize the application of the vendor-supplied patches without delay. If patching is not immediately feasible, the compensating control of restricting network access to the management interface should be implemented as an urgent priority to mitigate the risk of compromise.