POC details: 4f474a5783ec0656e024e580067dacd470f425d8

Source
Related vulnerability
Title: AVTECH EagleEyes security vulnerability (CVE-2025-50944)
Description: AVTECH EagleEyes is a remote real-time surveillance mobile application from AVTECH (Taiwan). AVTECH EagleEyes version 2.0.0 contains a security vulnerability: its custom X509TrustManager only checks the certificate's expiry date and skips TLS chain validation.
Description
Improper Certificate Chain Validation in EagleEyes Lite Android Application
Introduction
# CVE-2025-50944
### Improper Certificate Chain Validation in EagleEyes Lite Android Application

## 1. Overview

<img src="images/eagleeyes-icon.png" align="left" width="150" hspace="10"/>
<br clear="left"/>

- **Application**: EagleEyes (Lite)  
- **Version**: 2.0.0  
- **Vendor**: AVTECH  
- **CWE**: [CWE-295: Improper Certificate Validation](https://cwe.mitre.org/data/definitions/295.html)  
- **CVSS**:   
- **Vector String**:   
## 2. Summary
EagleEyes Lite (version 2.0.0) does not validate the server's certificate chain during HTTPS communication.  
The application installs a custom `X509TrustManager` (`push.lite.avtech.com.MySSLSocketFactoryNew.checkServerTrusted()`) that checks only the validity period of the leaf certificate and performs no chain validation against a trust anchor.  
An attacker positioned between the app and its backend can therefore present a self-signed or otherwise rogue certificate, which the app accepts, and intercept or manipulate sensitive surveillance data in transit.  

## 3. Details
The custom `X509TrustManager` below calls `checkValidity()` on the first certificate in the array and nothing else. That method checks only the `NotBefore`/`NotAfter` window: the signature is not verified, the issuer is not examined, and no path is built to a trusted root in the system trust store. Any currently valid certificate, including one minted on the fly by an interception proxy, is therefore accepted.  
```java
@Override // javax.net.ssl.X509TrustManager
public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
    try {
        // Only the leaf (index 0) is inspected, and only its NotBefore/NotAfter window.
        // No signature, issuer or trust-anchor check is performed on the chain.
        x509CertificateArr[0].checkValidity();
    } catch (Exception unused) {
        throw new CertificateException("Certificate not valid or trusted.");
    }
}
```
Because trust is never anchored to a root the device actually trusts, an attacker positioned on the path between the app and its backend server can terminate TLS with a self-signed certificate and read or modify the traffic in both directions.  

## 4. Recommendations
The application should drop the custom `X509TrustManager` and use the platform default (a `TrustManagerFactory` initialised with the system trust store), which verifies the signature of every certificate in the chain and requires the chain to end at a trusted root. Hostname verification must also be enforced, so that a certificate that is trusted but issued for a different name is rejected rather than accepted.  
The insecure fallback logic for legacy Android versions should be removed, or replaced with checks of equivalent strength, so that TLS validation is consistent across all supported API levels.

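As an added, runnable illustration of the flaw in section 3 and the fix in section 4 (example code written for this page, not AVTECH's or the EagleEyes app's code): the Go program below starts a loopback TLS listener that presents a freshly generated self-signed certificate, the way an interception proxy would, and then connects with four client policies. `expiryOnlyCheck` reproduces the app's `checkServerTrusted()` logic as a `VerifyPeerCertificate` callback; the other three clients use Go's standard chain verification. The hostname `backend.example` is a placeholder, not the real backend, and the certificate is constructed in memory for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// Outcome records how each client policy treated the rogue self-signed certificate.
type Outcome struct {
	ExpiryOnlyAccepted bool  // app's policy: leaf validity window only
	DefaultErr         error // full chain validation against system roots (nil = accepted)
	PinnedAccepted     bool  // chain validation with the cert added as a trust anchor
	WrongHostAccepted  bool  // trusted chain, but ServerName does not match the SAN
}

// expiryOnlyCheck mirrors MySSLSocketFactoryNew.checkServerTrusted(): leaf validity only, no chain.
func expiryOnlyCheck(rawCerts [][]byte, _ [][]*x509.Certificate) error {
	leaf, err := x509.ParseCertificate(rawCerts[0])
	if err != nil {
		return err
	}
	if now := time.Now(); now.Before(leaf.NotBefore) || now.After(leaf.NotAfter) {
		return errors.New("certificate not valid or trusted")
	}
	return nil // any currently valid certificate passes, whoever signed it
}

// selfSignedCert builds in memory the cert an interception proxy would present: valid, right SAN, untrusted signer.
func selfSignedCert(host string) (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	leaf, _ := x509.ParseCertificate(der) // DER we just produced always parses
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, nil
}

// handshake dials addr with cfg and returns the TLS handshake error, if any.
func handshake(addr string, cfg *tls.Config) error {
	conn, err := tls.Dial("tcp", addr, cfg)
	if err != nil {
		return err
	}
	return conn.Close()
}

// Demo serves the rogue certificate on a loopback "MITM" listener and connects with
// four client policies. backend.example is a placeholder name, not AVTECH's backend.
func Demo() (Outcome, error) {
	const host = "backend.example"
	var out Outcome
	cert, err := selfSignedCert(host)
	if err != nil {
		return out, err
	}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{cert}})
	if err != nil {
		return out, err
	}
	defer ln.Close()
	go func() { // complete handshakes until the listener is closed
		for c, err := ln.Accept(); err == nil; c, err = ln.Accept() {
			go func(tc *tls.Conn) { tc.Handshake(); tc.Close() }(c.(*tls.Conn))
		}
	}()
	addr := ln.Addr().String()
	// 1. Vulnerable: built-in verification disabled, expiry-only callback in its place.
	out.ExpiryOnlyAccepted = handshake(addr, &tls.Config{
		ServerName: host, InsecureSkipVerify: true, VerifyPeerCertificate: expiryOnlyCheck}) == nil
	// 2. Fixed: default verification requires a trusted root (x509.UnknownAuthorityError here).
	out.DefaultErr = handshake(addr, &tls.Config{ServerName: host})
	// 3. Chain validation still succeeds when the cert is a deliberately configured anchor.
	pool := x509.NewCertPool()
	pool.AddCert(cert.Leaf)
	out.PinnedAccepted = handshake(addr, &tls.Config{ServerName: host, RootCAs: pool}) == nil
	// 4. Same trusted chain, wrong name: hostname verification must still reject it.
	out.WrongHostAccepted = handshake(addr, &tls.Config{ServerName: "other.example", RootCAs: pool}) == nil
	return out, nil
}
```

Expected behaviour: the expiry-only client completes the handshake with the rogue certificate; the default client refuses it (an `x509.UnknownAuthorityError` on a host with a normal trust store); the client that explicitly trusts the certificate accepts it; and the same trusted chain is still rejected when the requested name does not match the SAN. On Android the equivalent of policies 2 and 4 is the `X509TrustManager` obtained from `TrustManagerFactory` initialised with `null` (the system KeyStore) together with the default `HostnameVerifier`, which is what the recommendations above call for.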
## 5. References
- https://github.com/shinyColumn/CVE-2025-46408
- https://github.com/shinyColumn/CVE-2025-50110
File snapshot

```
[4.0K] /data/pocs/4f474a5783ec0656e024e580067dacd470f425d8
├── [4.0K] images
│   └── [ 31K] eagleeyes-icon.png
└── [2.3K] README.md

1 directory, 2 files
```
Cached for you by the Shenlong bot
Notes
    1. It is recommended to access the POC through the source link first.
    2. If the source is no longer available, send an email to f.jinxu#gmail.com (replace # with @) to request the local snapshot.
    3. Shenlong has snapshotted the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.