Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and WiFi Button Plus before 2.73. The process of registering a device with a cloud account was based on an activation code derived from the device MAC address. By guessing valid MAC addresses or using MAC addresses printed on devices in shops and reverse engineering the protocol, an attacker would have been able to register previously unregistered devices to their account. When the rightful owner would have connected them after purchase to their WiFi network, the devices would not have registered with their account, would subsequently not have been controllable from the owner's mobile app, and would not have been visible in the owner's account. Instead, they would have been under control of the attacker.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
多款myStrom WiFi产品安全漏洞
Vulnerability Description
myStrom WiFi Switch V1都是德国myStrom公司的产品。myStrom WiFi Switch V1是一款智能插头。myStrom WiFi Bulb是一款智能灯泡产品。 多款myStrom WiFi产品中存在安全漏洞。攻击者可通过猜测有效的MAC地址或使用店铺里打印在设备上的MAC地址并逆向分析和研究该协议利用该漏洞将之前未注册过的设备注册到自己的账户下,进而控制设备。以下产品和版本受到影响:myStrom WiFi Switch V1 2.66之前版本,WiFi Switch V
CVSS Information
N/A
Vulnerability Type
N/A