Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. The device only calculates the MD5 hash of the firmware and does not check using a private-public key mechanism. The lack of complete PKI system firmware signature could allow attackers to upload arbitrary firmware updates, resulting in code execution.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Vulnerability Type
完整性检查值验证不恰当
Vulnerability Title
Snap One OvrC Pro 数据伪造问题漏洞
Vulnerability Description
Snap One OvrC是美国Snap One公司的一款基于云的免费远程管理和监控平台。 Snap One OvrC Pro 7.2及之前版本存在数据伪造问题漏洞,该漏洞源于缺乏完整的 PKI系统固件签名,攻击者利用该漏洞可以上传任意固件更新,导致代码执行。
CVSS Information
N/A
Vulnerability Type
N/A