This post is mostly an expansion on my last post. I recently got my hands on a VertX EVO V2000 and a V1000, in addition to the Edge EVO EH400’s. I’ve only owned them for ~24 hours so I haven’t had tons of time to dig deep, but I have had a chance to test the previous exploit and make the necessary changes in order to achieve the same goal.
If you haven’t read the last post the tl;dr is: Leveraging the Discoveryd vulnerability disclosed by @HeadlessZeke, it is possible to modify the password for the EH400 door controller’s web service. With access to the web service, it is possible to lock and unlock doors attached to the door controller with ease. Read More …