Описание
The devices do not implement any authentication for the web interface or the MQTT server. An attacker who has network access to the device immediately gets administrative access to the devices and can perform arbitrary administrative actions and reconfigure the devices or potentially gain access to sensitive data.
EPSS
Процентиль: 11%
0.00038
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-306
Связанные уязвимости
CVSS3: 6.5
github
9 месяцев назад
The devices do not implement any authentication for the web interface or the MQTT server. An attacker who has network access to the device immediately gets administrative access to the devices and can perform arbitrary administrative actions and reconfigure the devices or potentially gain access to sensitive data.
EPSS
Процентиль: 11%
0.00038
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-306