| Title | Xiongmai AHB7804R-MH-V2, AHB8008T-GL, AHB8004T-GL, XM530_R80X30-PQ_8M, AHB7004T-GS-V3, AHB8032F-LME, AHB7004T-MHV2 V4.03.R11.4915714A.12201.142300.0000000, V4.02.R11.A8531149.10001.131900.00000, V4.03.R11.4912720B.11201.142300.0000004, V4.03.R Incorrect A |
|---|
| Description | A significant security vulnerability has been identified across a range of Xiongmai hardware products. The vulnerability resides within the implementation of the Sofia service( default port: 34567), allowing for unauthorized command execution due to incorrect access control. This vulnerability enables attackers to issue commands without proper authentication, leading to unauthorized access and potential control over device functionalities, posing a severe security risk to both the system's integrity and the confidentiality of user data, affecting over 390,000 devices on the Internet. |
|---|
| Source | ⚠️ https://github.com/netsecfish/xiongmai_incorrect_access_control |
|---|
| User | netsecfish (ID 64568) |
|---|
| Submission | 04/07/2024 12:43 (1 month ago) |
|---|
| Moderation | 04/14/2024 10:44 (7 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 260605 |
|---|