CVE-2022-31277

Published: Jun 16, 2022Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Xiaomi Lamp 1 v2.0.4_0066 was discovered to be vulnerable to replay attacks. This allows attackers to to bypass the expected access restrictions and gain control of the switch and other functions via a crafted POST request.

Affected (1)

Products: Mi: Xiaomi Lamp 1 Firmware

1 product

Xiaomi Lamp 1 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mi Xiaomi Lamp 1 Firmware	Version 2.0.4_0066

Running on/with	Platform Versions
Mi Xiaomi Lamp 1	All versions

Related CWEs

CWE-294

Authentication Bypass by Capture-replay

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

References (2)

https://github.com/skyedai910/Vuln/tree/master/xiaomi_lamp_1/replay_attack_0

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/skyedai910/Vuln/tree/master/xiaomi_lamp_1/replay_attack_0

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.