Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
TAPHOME Improper Authentication in Core Platform
Vulnerability Description
A hidden API exists in TapHome's core platform before version 2023.2 that allows an authenticated, low privileged user to change passwords of other users without any prior knowledge. The attacker may gain full access to the device by using this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
授权机制不正确
Vulnerability Title
TapHome 授权问题漏洞
Vulnerability Description
TapHome是斯洛伐克TapHome公司的一个可以自己进行调整的智能家居系统。 TapHome 2023.2之前版本存在授权问题漏洞,该漏洞源于存在隐藏的API,允许经过身份验证的低权限用户更改其他用户的密码,攻击者利用此漏洞可以获得对设备的完全访问权限。
CVSS Information
N/A
Vulnerability Type
N/A