漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
ESPHome remote code execution via arbitrary file write
Vulnerability Description
ESPHome is a system to control your ESP8266/ESP32. A security misconfiguration in the edit configuration file API in the dashboard component of ESPHome version 2023.12.9 (command line installation) allows authenticated remote attackers to read and write arbitrary files under the configuration directory rendering remote code execution possible. This vulnerability is patched in 2024.2.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
ESPHome 安全漏洞
Vulnerability Description
Esphome是一个配置、管理智能硬件的系统。用于控制Esp8266/Esp32硬件,实现家庭自动化控制。 ESPHome 2024.2.1之前版本存在安全漏洞,该漏洞源于安全配置错误,允许经过身份验证的远程攻击者在配置目录下读取和写入任意文件,从而实现远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A