Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Dreame Technology iOS and Android Mobile Applications Improper Certificate Validation
Vulnerability Description
A TLS vulnerability exists in the phone application used to manage a connected device. The phone application accepts self-signed certificates when establishing TLS communication which may result in man-in-the-middle attacks on untrusted networks. Captured communications may include user credentials and sensitive session tokens.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Vulnerability Type
证书验证不恰当
Vulnerability Title
Dreamehome app和Dreame MOVAhome app 信任管理问题漏洞
Vulnerability Description
Dreamehome app和Dreame MOVAhome app都是美国Dreame公司的一款手机APP。 Dreamehome app和Dreame MOVAhome app存在信任管理问题漏洞,该漏洞源于TLS通信中接受自签名证书,可能导致中间人攻击。
CVSS Information
N/A
Vulnerability Type
N/A