漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Device Authentication Vulnerability in thinx-device-api IoT Device Management Server
Vulnerability Description
A vulnerability has been disclosed in thinx-device-api IoT Device Management Server before version 2.5.0. Device MAC address can be spoofed. This means initial registration requests without UDID and spoofed MAC address may pass to create new UDID with same MAC address. Full impact needs to be reviewed further. Applies to all (mostly ESP8266/ESP32) users. This has been fixed in firmware version 2.5.0.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N
Vulnerability Type
使用欺骗进行的认证绕过
Vulnerability Title
Thinx-device-api IoT Device Management Server 安全漏洞
Vulnerability Description
Thinx-device-api IoT Device Management Server是一套运行在Node.js上的远程物联网设备管理平台。 Thinx-device-api IoT Device Management Server 2.5.0之前版本中存在安全漏洞。攻击者可利用该漏洞伪造设备的MAC地址并使用相同的MAC地址创建新的UDID。
CVSS Information
N/A
Vulnerability Type
N/A