漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
EVoke Systems EVoke CSMS Missing Authentication for Critical Function
Vulnerability Description
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to impersonate charging stations. As a result, attackers can exploit this weakness to gain unauthorized access to sensitive data or perform unauthorized actions. Given that no authentication is required, this can lead to privilege escalation and potentially compromise the security of the entire system.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Vulnerability Type
关键功能的认证机制缺失
Vulnerability Title
EVoke Systems Charging Station Management System 授权问题漏洞
Vulnerability Description
EVoke Systems Charging Station Management System是EVoke Systems公司的一款电动汽车充电站管理系统的支撑软件。 EVoke Systems Charging Station Management System存在授权问题漏洞,该漏洞源于WebSocket端点缺乏身份验证机制,可能导致攻击者冒充充电站,未经授权访问敏感数据或执行未授权操作,从而导致权限提升并危及整个系统安全。
CVSS Information
N/A
Vulnerability Type
N/A