Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The /device/signin end-point for the Ourphoto App version 1.4.1 discloses clear-text password information for functionality within the picture frame devices. The deviceVideoCallPassword and mqttPassword are returned in clear-text. The lack of sessions management and presence of insecure direct object references allows to return password information for other end-users devices. Many of the picture frame devices offer video calling, and it is likely this information can be used to abuse that functionality.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Shenzhen Fujia Technology OurPhoto 安全漏洞
Vulnerability Description
Shenzhen Fujia Technology OurPhoto是中国Shenzhen Fujia Technology公司的一个云相框软件。可以直接在手机上共享照片和视频文件。 Shenzhen Fujia Technology OurPhoto 1.4.1版本存在安全漏洞,该漏洞源于其/device/signin端点公开了图片框设备内功能的明文密码信息(deviceVideoCallPassword和mqttPassword以明文形式返回)。缺乏会话管理和存在不安全的直接对象引用允许返回其他终端用
CVSS Information
N/A
Vulnerability Type
N/A