Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Eclipse Hono AMQP and MQTT protocol adapters do not check whether an authenticated gateway device is authorized to receive command & control messages when it has subscribed only to commands for a specific device. The missing check involves verifying that the command target device is configured giving permission for the gateway device to act on its behalf. This means an authenticated device of a certain tenant, notably also a non-gateway device acting like a gateway, may receive command & control messages targeted at a different device of the same tenant without corresponding permissions getting checked.
CVSS Information
N/A
Vulnerability Type
授权机制缺失
Vulnerability Title
Eclipse Hono 安全漏洞
Vulnerability Description
Eclipse Hono是Eclipse基金会的一个用于为所连接的 IOT 设备提供控制接口的软件。该软件连接大量的IOT设备,并提供对外提供统一的访问接口进行控制。 Eclipse Hono AMQP and MQTT protocol 适配器存在安全漏洞,该漏洞源于经过身份验证的设备可以接收不同设备的命令和控制消息。
CVSS Information
N/A
Vulnerability Type
N/A