SGUDA U-Lock - Broken Access Control

SGUDA U-Lock central lock control service’s lock management function has incorrect authorization. A remote attacker with general privilege can exploit this vulnerability to call privileged APIs to acquire information, manipulate or disrupt the functionality of arbitrary electronic locks.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

授权机制不正确

SGUDA U-Lock 安全漏洞

SGUDA U-Lock是中国固特斯（SGUDA）公司的一款智能电子锁。 SGUDA U-Lock存在安全漏洞，该漏洞源于中央锁控服务的锁管理功能存在授权错误问题。远程攻击者利用该漏洞可以调用特权API来获取信息、操纵或破坏任意电子锁的功能。

N/A

N/A