Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in ThingsBoard 3.4.1, allows low privileged attackers (CUSTOMER_USER) to gain escalated privileges (vertically) and become an Administrator (TENANT_ADMIN) or (SYS_ADMIN) on the web application. It is important to note that in order to accomplish this, the attacker must know the corresponding API's parameter (authority : value).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ThingsBoard 安全漏洞
Vulnerability Description
Thingsboard是Thingsboard团队的一个基于Java用于IOT设备进行监控、管理、数据收集的平台。 ThingsBoard 3.4.1版本存在安全漏洞,该漏洞源于允许低权限攻击者获得权限升级并成为应用程序的管理员。
CVSS Information
N/A
Vulnerability Type
N/A