Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and WiFi Button Plus before 2.73. The SSL/TLS server certificate in the device to cloud communication was not verified by the device. As a result, an attacker in control of the network traffic of a device could have taken control of a device by intercepting and modifying commands issued from the server to the device in a Man-in-the-Middle attack. This included the ability to inject firmware update commands into the communication and cause the device to install maliciously modified firmware.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Security vulnerability in multiple myStrom WiFi products
Vulnerability Description
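The myStrom WiFi Switch V1 and others are all products of the German company myStrom. The myStrom WiFi Switch V1 is a smart plug. The myStrom WiFi Bulb is a smart bulb product. A security vulnerability exists in multiple myStrom WiFi products; it stems from the device not verifying the SSL/TLS server certificate. An attacker could exploit this vulnerability by carrying out a man-in-the-middle attack to hijack and modify commands sent from the server to the device, thereby taking control of the device and then injecting firmware update commands into the device-to-cloud communication, causing the device to install maliciously modified firmware. The following products and versions are affected: myStrom WiFi Switch V1 2.6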
CVSS Information
N/A
Vulnerability Type
N/A