Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Hard-coded AWS Key in AL-KO Robolinho Update Software
Vulnerability Description
AL-KO Robolinho Update Software has hard-coded AWS Access and Secret keys that allow anyone to access AL-KO's AWS bucket. Using the keys directly might give the attacker greater access than the app itself. Key grants AT LEAST read access to some of the objects in bucket. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only versions 8.0.21.0610 and 8.0.22.0524 were tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.
CVSS Information
N/A
Vulnerability Type
使用硬编码的凭证
Vulnerability Title
AL-KO Robolinho Update Software 信任管理问题漏洞
Vulnerability Description
AL-KO Robolinho Update Software是德国AL-KO公司的一款割草机器人固件更新工具。 AL-KO Robolinho Update Software 8.0.21.0610版本存在信任管理问题漏洞,该漏洞源于硬编码AWS密钥,可能导致未经授权访问AWS存储桶。
CVSS Information
N/A
Vulnerability Type
N/A