Xiaomi smart home solution "guest user" unauthorized access vulnerability

2015-02-03T00:00:00
ID MYHACK58:62201558736
Type myhack58
Reporter Anonymous
Modified 2015-02-03T00:00:00

Description

Xiaomi always sparks the imagination, and each of its products surprises people. The Xiaomi smart home solution uses a lot of hardware interaction and gives users a very good experience.

While it provides great convenience, it also introduces some risk. After joining the local area network as a router "guest user", a client can gain unauthorized access to the Xiaoyi ("Little Ant") camera's application management program. This leads to leaked camera video files, a leaked home Wi-Fi password and other problems, and brings a certain security risk to users.

Problem description:

Currently, a client that joins the wireless network with guest permissions cannot access the router's management address.

But it can access other devices on the same local area network.

It can also access the Xiaoyi camera's configuration file and other information.

By reading the Xiaoyi camera's configuration file, you can obtain the router's wireless access password. (From then on the guest turns the tables: having the owner's permissions and bandwidth is no longer a dream.)

The video files stored on the Xiaoyi camera can also be downloaded. (With this we can watch live.)
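
A defender-side check for the partial isolation described above (router management blocked for guests while LAN devices still answer), as an added example that is not part of the original advisory. The inventory names, addresses and ports are constructed placeholders; run it from a client joined to your own guest network.

```python
import socket

# Constructed placeholder inventory (TEST-NET addresses, assumed ports);
# replace with the devices on your own LAN before running.
INVENTORY = [
    {"name": "router-admin", "role": "management", "host": "192.0.2.1", "port": 80},
    {"name": "camera", "role": "lan_device", "host": "192.0.2.20", "port": 80},
    {"name": "nas", "role": "lan_device", "host": "192.0.2.30", "port": 445},
]


def tcp_reachable(host, port, timeout=1.0):
    """True if a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable, filtered or timed out
        return False


def audit_guest_isolation(inventory, probe=tcp_reachable):
    """Probe every inventory entry from a guest-network client.

    Returns (verdict, reachable_names):
      "isolated" - nothing on the private LAN answers
      "partial"  - management is blocked but LAN devices answer, which is
                   the situation the advisory describes
      "exposed"  - the router management service itself answers
    """
    reachable = [d for d in inventory if probe(d["host"], d["port"])]
    names = [d["name"] for d in reachable]
    if any(d["role"] == "management" for d in reachable):
        return "exposed", names
    if reachable:
        return "partial", names
    return "isolated", names


if __name__ == "__main__":
    verdict, names = audit_guest_isolation(INVENTORY)
    print(f"guest isolation: {verdict}; reachable from guest: {names or 'none'}")
```

A "partial" verdict means the guest network only hides the router's admin page; the fix belongs in the router's guest isolation settings, not on each device.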
