| Title | thingsboard v3.7.0 Denial of Service |
|---|
| Description | Summary: RPC Server on Compromised Device Returns Large Data, Causing DoS on Thingsboard.
Detailed Steps to Reproduce the Vulnerability:
1. Setup: Ensure you have a device that can start an RPC server and that the Thingsboard platform is properly set up to communicate with this device.
2. Start RPC Server: Use the HTTP RPC API reference to start an RPC server on the device.
3. Send Request: Through the Thingsboard platform, send a request to this RPC server.
4. Malicious Response: Configure the device to return a maliciously large amount of data in response to the RPC request. Our data is created by Python: `error_message = "Unknown " * 5000000 + "method"; response = {"error": error_message}`
5. Observe Effects: Notice that the Thingsboard platform tries to handle this large response, leading to Out Of Memory (OOM) errors, and eventually causing the platform to crash. |
|---|
| Source | ⚠️ https://1drv.ms/v/s!AksJ421iyCG-mytAcEUF6WqOTwj2?e=6WAp5G |
|---|
| User | lujiefsi (UID 72362) |
|---|
| Submission | 24/07/2024 05:30 AM (2 years ago) |
|---|
| Moderation | 30/09/2024 07:49 PM (2 months later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 278887 [ThingsBoard up to 3.7.0 HTTP RPC API denial of service] |
|---|
| Points | 20 |
|---|