SGUDA U-Lock - Broken Access Control

SGUDA U-Lock central lock control service’s user management function has incorrect authorization. A remote attacker with general user privilege can exploit this vulnerability to call privileged APIs to access, modify and delete user information.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

授权机制不正确

SGUDA U-Lock 安全漏洞

SGUDA U-Lock是中国固特斯（SGUDA）公司的一款智能电子锁。 SGUDA U-Lock存在安全漏洞，该漏洞源于中央锁控服务用户管理功能存在授权错误问题。远程攻击者利用该漏洞可以调用特权API访问、修改和删除用户信息。

N/A

N/A