| Title | Xiongmai AHB7804R-MH-V2, AHB8008T-GL, AHB8004T-GL, XM530_R80X30-PQ_8M, AHB7004T-GS-V3, AHB8032F-LME, AHB7004T-MHV2 V4.03.R11.4915714A.12201.142300.0000000, V4.02.R11.A8531149.10001.131900.00000, V4.03.R11.4912720B.11201.142300.0000004, V4.03.R Incorrect A |
|---|
| Description | A significant security vulnerability has been identified across a range of Xiongmai hardware products. The vulnerability resides within the implementation of the Sofia service( default port: 34567), allowing for unauthorized command execution due to incorrect access control. This vulnerability enables attackers to issue commands without proper authentication, leading to unauthorized access and potential control over device functionalities, posing a severe security risk to both the system's integrity and the confidentiality of user data, affecting over 390,000 devices on the Internet. |
|---|
| Source | ⚠️ https://github.com/netsecfish/xiongmai_incorrect_access_control |
|---|
| User | netsecfish (UID 64568) |
|---|
| Submission | 04/07/2024 12:43 PM (1 Year ago) |
|---|
| Moderation | 04/14/2024 10:44 AM (7 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 260605 [Xiongmai AHB7804R-MH-V2 up to 5.00.R02.00030751.10010.348717.0000000 Sofia Service access control] |
|---|
| Points | 20 |
|---|