| タイトル | Xiongmai AHB7804R-MH-V2, AHB8008T-GL, AHB8004T-GL, XM530_R80X30-PQ_8M, AHB7004T-GS-V3, AHB8032F-LME, AHB7004T-MHV2 V4.03.R11.4915714A.12201.142300.0000000, V4.02.R11.A8531149.10001.131900.00000, V4.03.R11.4912720B.11201.142300.0000004, V4.03.R Incorrect A |
|---|
| 説明 | A significant security vulnerability has been identified across a range of Xiongmai hardware products. The vulnerability resides within the implementation of the Sofia service( default port: 34567), allowing for unauthorized command execution due to incorrect access control. This vulnerability enables attackers to issue commands without proper authentication, leading to unauthorized access and potential control over device functionalities, posing a severe security risk to both the system's integrity and the confidentiality of user data, affecting over 390,000 devices on the Internet. |
|---|
| ソース | ⚠️ https://github.com/netsecfish/xiongmai_incorrect_access_control |
|---|
| ユーザー | netsecfish (UID 64568) |
|---|
| 送信 | 2024年04月07日 12:43 (2 年 ago) |
|---|
| モデレーション | 2024年04月14日 10:44 (7 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 260605 [Xiongmai AHB7804R-MH-V2 迄 5.00.R02.00030751.10010.348717.0000000 Sofia Service 特権昇格] |
|---|
| ポイント | 20 |
|---|