Описание
The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in the Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). This allows attackers in a man-in-the-middle position to act as the legitimate MQTT server and issue arbitrary commands to devices.
EPSS
Процентиль: 2%
0.00012
Низкий
9.4 Critical
CVSS3
Дефекты
CWE-295
Связанные уязвимости
CVSS3: 9.4
github
около 2 месяцев назад
The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in the Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). This allows attackers in a man-in-the-middle position to act as the legitimate MQTT server and issue arbitrary commands to devices.
EPSS
Процентиль: 2%
0.00012
Низкий
9.4 Critical
CVSS3
Дефекты
CWE-295