Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
AiKaan Cloud Controller uses a single hardcoded SSH private key and the username `proxyuser` for remote terminal access to all managed IoT/edge devices. When an administrator initiates "Open Remote Terminal" from the AiKaan dashboard, the controller sends this same static private key to the target device. The device then uses it to establish a reverse SSH tunnel to a remote access server, enabling browser-based SSH access for the administrator. Because the same `proxyuser` account and SSH key are reused across all customer environments: - An attacker who obtains the key (e.g., by intercepting it in transit, extracting it from the remote access server, or from a compromised admin account) can impersonate any managed device. - They can establish unauthorized reverse SSH tunnels and interact with devices without the owner's consent. This is a design flaw in the authentication model: compromise of a single key compromises the trust boundary between the controller and devices.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
AiKaan Cloud Controller 安全漏洞
Vulnerability Description
AiKaan Cloud Controller是印度AiKaan公司的一款用于互联网边缘设备的监控平台。 AiKaan Cloud Controller存在安全漏洞,该漏洞源于使用硬编码SSH私钥和用户名proxyuser进行远程终端访问,可能导致攻击者冒充受管设备并建立未经授权的反向SSH隧道。
CVSS Information
N/A
Vulnerability Type
N/A