Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
LocalSend is Vulnerable to Man-in-the-Middle Attacks, Leading to File Interception
Vulnerability Description
LocalSend is an open-source app to securely share files and messages with nearby devices over local networks without needing an internet connection. In versions 1.16.1 and below, a critical Man-in-the-Middle (MitM) vulnerability in the software's discovery protocol allows an unauthenticated attacker on the same local network to impersonate legitimate devices, silently intercepting, reading, and modifying any file transfer. This can be used to steal sensitive data or inject malware, like ransomware, into files shared between trusted users. The attack is hardly detectable and easy to implement, posing a severe and immediate security risk. This issue was fixed in version 1.17.0.
CVSS Information
N/A
Vulnerability Type
通道可被非端点访问(中间人攻击)
Vulnerability Title
LocalSend 安全漏洞
Vulnerability Description
LocalSend是LocalSend开源的一个 AirDrop 的开源跨平台替代方案。 LocalSend 1.16.1及之前版本存在安全漏洞,该漏洞源于发现协议存在中间人攻击漏洞,可能导致文件传输拦截和修改。
CVSS Information
N/A
Vulnerability Type
N/A