| 제목 | Xiongmai AHB7804R-MH-V2, AHB8008T-GL, AHB8004T-GL, XM530_R80X30-PQ_8M, AHB7004T-GS-V3, AHB8032F-LME, AHB7004T-MHV2 V4.03.R11.4915714A.12201.142300.0000000, V4.02.R11.A8531149.10001.131900.00000, V4.03.R11.4912720B.11201.142300.0000004, V4.03.R Incorrect A |
|---|
| 설명 | A significant security vulnerability has been identified across a range of Xiongmai hardware products. The vulnerability resides within the implementation of the Sofia service( default port: 34567), allowing for unauthorized command execution due to incorrect access control. This vulnerability enables attackers to issue commands without proper authentication, leading to unauthorized access and potential control over device functionalities, posing a severe security risk to both the system's integrity and the confidentiality of user data, affecting over 390,000 devices on the Internet. |
|---|
| 원천 | ⚠️ https://github.com/netsecfish/xiongmai_incorrect_access_control |
|---|
| 사용자 | netsecfish (UID 64568) |
|---|
| 제출 | 2024. 04. 07. PM 12:43 (2 연령 ago) |
|---|
| 모더레이션 | 2024. 04. 14. AM 10:44 (7 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 260605 [Xiongmai AHB7804R-MH-V2 까지 5.00.R02.00030751.10010.348717.0000000 Sofia Service 권한 상승] |
|---|
| 포인트들 | 20 |
|---|