7 matches found
EUVD-2022-46686
Malicious code in bioql PyPI...
CVE-2022-43704
The Sinilink XY-WFT1 WiFi Remote Thermostat, running firmware 1.3.6, allows an attacker to bypass the intended requirement to communicate using MQTT. It is possible to replay Sinilink aka SINILINK521 protocol udp/1024 commands interfacing directly with the target device. This, in turn, allows for...
Design/Logic Flaw
The Sinilink XY-WFT1 WiFi Remote Thermostat, running firmware 1.3.6, allows an attacker to bypass the intended requirement to communicate using MQTT. It is possible to replay Sinilink aka SINILINK521 protocol udp/1024 commands interfacing directly with the target device. This, in turn, allows for...
CVE-2022-43704
The Sinilink XY-WFT1 WiFi Remote Thermostat, running firmware 1.3.6, allows an attacker to bypass the intended requirement to communicate using MQTT. It is possible to replay Sinilink aka SINILINK521 protocol udp/1024 commands interfacing directly with the target device. This, in turn, allows for...
CVE-2022-43704
CVE-2022-43704 affects Sinilink XY-WFT1 WiFi Remote Thermostat (firmware 1.3.6). The issue allows an attacker to bypass the requirement to use MQTT and replay SINILINK521 protocol commands over UDP/1024, interfacing directly with the device to control the onboard relay without mobile-app authenti...
Exploit for Authentication Bypass by Capture-replay in Sinilink Xy-Wft1_Firmware
CVE-2022-43704 - Channel Accessible by Non-Endpoint/Authentica...
50m-ctf: `Cody trolled us all` h1-702 CTF write-up
Premise I use not to play CTF challenges because they usually absorb me entirely. I cannot think of anything else but "I want that flag!". That said, this is going to be a long story: no princess, no dragoons, only a tweet. https://twitter.com/Hacker0x01/status/1100543680383832065 Level 0 - Nothi...