Headline
CVE-2023-31677: record/luowice.md at main · zzh-newlearner/record
Insecure permissions in luowice 3.5.18 allow attackers to view information for other alarm devices via modification of the eseeid parameter.
Permalink
Cannot retrieve contributors at this time
com.generalcomp.luowice 3.5.18 has Insecure Permission****Vulnerability Type:
Insecure Permission
Vulnerability Version:
3.5.18
Recurring environment
≥Android 7.0
Vulnerability Description AND recurrence:
Modify “eseeid” to any other field and use BASE64 encoding to access alarm information for different devices The “img_url” in the response body is decoded by BASE64 and is the image taken in the alarm message of the device, which is not further used for ethical reasons