Vulnerability Information
Vulnerability Title
lte-pic32-writer's sendto.txt may disclose URL and the API key
Vulnerability Description
lte-pic32-writer is a writer for PIC32 devices. In versions 0.0.1 and prior, those who use `sendto.txt` are vulnerable: an attacker who knows the IMEI can read `sendto.txt`. The `sendto.txt` file can contain the SNS (such as Slack and Zulip) URL and API key. As of the time of publication, a patch is not yet available. As workarounds, avoid using `sendto.txt` or use `.htaccess` to block access to `sendto.txt`.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L
Vulnerability Type
File and path information exposure
Vulnerability Title
lte-pic32-writer security vulnerability
Vulnerability Description
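lte-pic32-writer is a writer program for pic32 devices by the individual developer paijp. lte-pic32-writer v0.0.1 and earlier versions contain a security vulnerability, which stems from the fact that users who have the IMEI can read sendto.txt. The sendto.txt file can contain SNS (for example: Slack, Zulip) URLs and API keys.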
CVSS Information
N/A
Vulnerability Type
N/A