Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Connected IO v2.1.0 and prior uses a hard-coded username/password pair embedded in their device's firmware used for device communication using MQTT. An attacker who gained access to these credentials is able to connect to the MQTT broker and send messages on behalf of devices, impersonating them. in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Connected IO 信任管理问题漏洞
Vulnerability Description
Connected IO是美国Connected IO公司的一款领先的硬件、软件和基于云的物联网和机器对机器解决方案 Connected IO v2.1.0 版本之前存在安全漏洞,该漏洞源于使用嵌入其设备固件中的硬编码用户名/密码对,用于使用 MQTT 进行设备通信。
CVSS Information
N/A
Vulnerability Type
N/A