Headline
CVE-2023-31678: record/yingshi_devicekey.md at main · zzh-newlearner/record
Incorrect access control in Videogo v6.8.1 allows attackers to bind shared devices after the connection has been ended.
Permalink
Cannot retrieve contributors at this time
com.videogo 6.8.1 has Incorrect Access Control****Vulnerability Type:
Incorrect Access Control
Vulnerability Version:
6.8.1
Recurring environment
≥Android 7.0
Vulnerability Description AND recurrence:
When someone shares the device, the cloud service sends the password of the device to the user Although the device owner unshares the device, the user can still bind the device with the device number and device password