Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Firewalla BTLE Weak Credentials
Vulnerability Description
A weak credential vulnerability exists in Firewalla Box Software versions before 1.979. This vulnerability allows a physically close attacker to use the license UUID for authentication and provision SSH credentials over the Bluetooth Low-Energy (BTLE) interface. Once an attacker gains access to the LAN, they could log into the SSH interface using the provisioned credentials. The license UUID can be acquired through plain-text Bluetooth sniffing, reading the QR code on the bottom of the device, or brute-forcing the UUID (though this is less likely).
CVSS Information
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
CWE-1391
Vulnerability Title
Firewalla 安全漏洞
Vulnerability Description
Firewalla是Firewalla公司的一个驱动程序。 Firewalla 1.979之前版本存在安全漏洞,该漏洞源于存在弱凭证漏洞,允许近距离的攻击者使用许可证UUID进行身份验证,并通过蓝牙低功耗接口提供SSH凭证。
CVSS Information
N/A
Vulnerability Type
N/A