Improper Neutralization of Wildcards or Matching Symbols in CloudEdge Online Cameras and App

The CloudEdge Cloud does not sanitize the MQTT topic input, which could allow an attacker to leverage the MQTT wildcard to receive all the messages that should be delivered to other users by subscribing to the a MQTT topic. In these messages, the attacker can obtain the credentials and key information to connect to the cameras from peer to peer.

N/A

双字符或匹配符号转义处理不恰当

CloudEdge App 安全漏洞

CloudEdge App是CloudEdge公司的一款为监控摄像头设计的移动应用程序。 CloudEdge App存在安全漏洞，该漏洞源于未清理MQTT主题输入，可能导致攻击者利用MQTT通配符接收所有消息，从而获取连接到摄像头的凭据和密钥信息。

N/A

N/A