Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Sinilink XY-WFT1 WiFi Remote Thermostat, running firmware 1.3.6, allows an attacker to bypass the intended requirement to communicate using MQTT. It is possible to replay Sinilink aka SINILINK521 protocol (udp/1024) commands interfacing directly with the target device. This, in turn, allows for an attack to control the onboard relay without requiring authentication via the mobile application. This might result in an unacceptable temperature within the target device's physical environment.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Sinilink XY-WFT1 WiFi Remote Thermostat 安全漏洞
Vulnerability Description
Sinilink XY-WFT1 WiFi Remote Thermostat是Sinilink公司的一款远程恒温器。 Sinilink XY-WFT1 WiFi Remote Thermostat 1.3.6版本存在安全漏洞,该漏洞源于无需通过移动应用程序进行身份验证,允许攻击者绕过使用MQTT进行通信的预期要求来控制机载继电器,这可能会导致目标设备的物理环境中出现不可接受的温度。
CVSS Information
N/A
Vulnerability Type
N/A