Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Bluetooth characteristic LESC security requirement not enforced without additional flags
Vulnerability Description
The documentation specifies that the BT_GATT_PERM_READ_LESC and BT_GATT_PERM_WRITE_LESC defines for a Bluetooth characteristic: Attribute read/write permission with LE Secure Connection encryption. If set, requires that LE Secure Connections is used for read/write access, however this is only true when it is combined with other permissions, namely BT_GATT_PERM_READ_ENCRYPT/BT_GATT_PERM_READ_AUTHEN (for read) or BT_GATT_PERM_WRITE_ENCRYPT/BT_GATT_PERM_WRITE_AUTHEN (for write), if these additional permissions are not set (even in secure connections only mode) then the stack does not perform any permission checks on these characteristics and they can be freely written/read.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Vulnerability Type
输入验证不恰当
Vulnerability Title
Zephyr 安全漏洞
Vulnerability Description
Zephyr是Zephyr Project开源的一个可扩展的实时操作系统 (RTOS)。 Zephyr 3.5.0及之前版本存在安全漏洞,该漏洞源于存在权限检查不当问题,攻击者可以进行读取或写入操作。
CVSS Information
N/A
Vulnerability Type
N/A