| Title | Beijing Weili Digital Technology Co., Ltd 微力同步 v2.21.3 Unauthorized Access |
|---|
| Description | During security assessment of version "微力同步 v2.21.3" version,I found an unauthorized access vulnerability in the Web administration module.The vulnerability is due to the core interface of this module does not implement valid authentication logic, attackers do not need to log in account password, through direct access to the target interface. Therefore, attackers can obtain sensitive information such as device ID, system configuration, system files, device identification, etc., providing conditions for subsequent precision attacks.Corrective action must be taken immediately to ensure system safety. |
|---|
| Source | ⚠️ https://github.com/jjjjj-zr/jjjjjzr/issues/6 |
|---|
| User | jjjjjzr (UID 92774) |
|---|
| Submission | 11/21/2025 14:27 (5 months ago) |
|---|
| Moderation | 12/06/2025 18:34 (15 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 334617 [Verysync 微力同步 up to 2.21.3 Web Administration f96956469e7be39d information disclosure] |
|---|
| Points | 20 |
|---|