Auth bypass in Evbee Dc-80
CVE-2026-22096
The webserver running on port 8090 does not require authentication. This allows for sensitive information leakage such as configured passwords, or uploading files through different endpoints.
Vulnerability class: Broken Authentication
Affected products
- Evbee Dc-80 — versions 0
Weakness classification (CWE)
References
- csirt@divd.nl (third-party-advisory)