Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Device Authentication Vulnerability in thinx-device-api IoT Device Management Server
Vulnerability Description
A vulnerability has been disclosed in thinx-device-api IoT Device Management Server before version 2.5.0. Device MAC address can be spoofed. This means initial registration requests without UDID and spoofed MAC address may pass to create new UDID with same MAC address. Full impact needs to be reviewed further. Applies to all (mostly ESP8266/ESP32) users. This has been fixed in firmware version 2.5.0.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N
Vulnerability Type
使用欺骗进行的认证绕过
Vulnerability Title
Thinx-device-api IoT Device Management Server 安全漏洞
Vulnerability Description
Thinx-device-api IoT Device Management Server是一套运行在Node.js上的远程物联网设备管理平台。 Thinx-device-api IoT Device Management Server 2.5.0之前版本中存在安全漏洞。攻击者可利用该漏洞伪造设备的MAC地址并使用相同的MAC地址创建新的UDID。
CVSS Information
N/A
Vulnerability Type
N/A