Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Remnawave Backend has a race condition in HWID device limit allows bypassing max devices
Vulnerability Description
Remnawave Backend is the backend for the Remnawave proxy and user management solution. Prior to 2.7.5, a glitch in the HWID device registration logic allows an authenticated user to bypass the configured limit for HWID devices and register more devices than expected, allowing them to resell subscriptions and consume excessive traffic. This vulnerability is fixed in 2.7.5.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
Vulnerability Type
使用共享资源的并发执行不恰当同步问题(竞争条件)
Vulnerability Title
Backend 竞争条件问题漏洞
Vulnerability Description
Backend是remnawave开源的一个开源项目贡献者管理工具。 Backend 2.7.5之前版本存在竞争条件问题漏洞,该漏洞源于设备注册逻辑缺陷,可能导致绕过设备限制。
CVSS Information
N/A
Vulnerability Type
N/A