Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unauthenticated Remote Command Injection in eCharge Salia PLCC
Vulnerability Description
Affected devices beacon to eCharge cloud infrastructure asking if there are any command they should run. This communication is established over an insecure channel since peer verification is disabled everywhere. Therefore, remote unauthenticated users suitably positioned on the network between an EV charger controller and eCharge infrastructure can execute arbitrary commands with elevated privileges on affected devices. This issue affects cph2_echarge_firmware: through 2.0.4.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
对数据真实性的验证不充分
Vulnerability Title
ONEKEY Platform 数据伪造问题漏洞
Vulnerability Description
ONEKEY Platform是ONEKEY的一个应用。 ONEKEY Platform存在数据伪造问题漏洞,该漏洞源于对等验证在任何地方都已禁用,远程未经身份验证的用户可以在受影响的设备上以提升的权限执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A