Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ASUS WebStorage - Use of Hard-coded Credentials
Vulnerability Description
ASUS WebStorage has a hardcoded API Token in the APP source code. An unauthenticated remote attacker can use this token to establish connections with the server and carry out login attempts to general user accounts. A successful login to a general user account allows the attacker to access, modify or delete this user account information.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
使用硬编码的凭证
Vulnerability Title
ASUS WebStorage 信任管理问题漏洞
Vulnerability Description
ASUS WebStorage是中国华硕(ASUS)公司的一种在线存储服务。 ASUS WebStorage 存在安全漏洞,该漏洞源于在 APP 源代码中有一个硬编码的 API Token。未经身份验证的远程攻击者可以使用此令牌与服务器建立连接并对一般用户帐户进行登录尝试。成功登录到普通用户帐户允许攻击者访问、修改或删除此用户帐户信息。
CVSS Information
N/A
Vulnerability Type
N/A