Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
It was discovered as a part of the research on IoT devices in the most recent firmware for Blipcare device that the device allows to connect to web management interface on a non-SSL connection using plain text HTTP protocol. The user uses the web management interface of the device to provide the user's Wi-Fi credentials so that the device can connect to it and have Internet access. This device acts as a Wireless Blood pressure monitor and is used to measure blood pressure levels of a person. This allows an attacker who is connected to the Blipcare's device wireless network to easily sniff these values using a MITM attack.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Blipcare设备安全漏洞
Vulnerability Description
Blipcare Wifi blood pressure monitor BP700是美国Blipcare团队的一款电子血压计。 Blipcare设备中存在安全漏洞。该漏洞源于程序使用HTTP协议以非SSL连接的形式连接到Web管理界面。远程攻击者可通过实施中间人攻击利用该漏洞嗅探用户wifi凭证。
CVSS Information
N/A
Vulnerability Type
N/A