Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ABUP IoT Cloud Platform Incorrect Privilege Assignment
Vulnerability Description
Actors can use a maliciously crafted JavaScript object notation (JSON) web token (JWT) to perform privilege escalation by submitting the malicious JWT to a vulnerable method exposed on the cloud platform. If the exploit is successful, the user can escalate privileges to access any device managed by the ABUP Cloud Update Platform.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L
Vulnerability Type
特权授予不正确
Vulnerability Title
ABUP Cloud Update Platform 安全漏洞
Vulnerability Description
ABUP Cloud Update Platform是中国艾拉比(ABUP)公司的一个物联网云平台。 ABUP Cloud Update Platform存在安全漏洞,该漏洞源于恶意JSON Web令牌可能导致权限提升。
CVSS Information
N/A
Vulnerability Type
N/A