Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
WattBox 800 & 820 Series < 2.10.0.0 RCE via Diagnostic Endpoints
Vulnerability Description
Snap One WattBox 800 and 820 series firmware versions prior to 2.10.0.0 contain undisclosed diagnostic HTTP endpoints that require only the device MAC address and service tag for authentication, both of which are printed in plaintext on the physical device label. Attackers with access to the device label or documentation containing these values can authenticate to the several endpoints and execute arbitrary commands as root on the device.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
隐藏功能
Vulnerability Title
Snap One Wattbox 信任管理问题漏洞
Vulnerability Description
Snap One Wattbox是Snap One公司的一系列电源解决方案。 Snap One WattBox 800和820 2.10.0.0之前版本存在信任管理问题漏洞,该漏洞源于包含未公开的诊断HTTP端点,可能导致攻击者通过设备标签上的MAC地址和服务标签认证并执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A