From this webpage screenshot, the following key vulnerability information can be obtained: 1. Product and Version: - Product: com.dc.dreamcatcherlife - Version: v1.8.7 2. Vulnerability Type: - Incorrect Access Control 3. Severity: - High 4. Project Description: - DreamCatcher Life v1.8.7 is an application that enables remote control of various wireless smart devices. It supports fast and simple network connections, allowing users to remotely manage and control multiple smart devices in their homes. The app supports one-touch control of multiple devices and enables users to set up multiple automated scenes, providing a secure and hassle-free smart home experience. 5. Vulnerability Description: - Due to the lack of access control restrictions or authentication in the DreamCatcher Life v1.8.7 application, attackers can exploit information leaked from the APK file to download firmware. Specifically, the absence of access control during firmware updates and downloads allows potential attackers to analyze code and data within the APK file, identify classes or methods related to firmware updates, and leverage the network request component to successfully retrieve the complete firmware associated with the application without authorization. This creates a serious security risk, as attackers can analyze the firmware to extract potentially sensitive data such as passwords, encryption keys, and configuration files. If leaked, this information could lead to system compromise. Additionally, attackers can access the firmware source code, modify it, and thereby gain full control over the device. 6. Vulnerability Reproduction: - Using tools like JADX to analyze the APK file, one can identify classes or methods related to firmware updates. The network request methods in can be exploited to extract relevant information. Constructing the network request requires information such as a token. 7. Vulnerability Impact: - Due to the lack of necessary access control mechanisms on the server, attackers can obtain the complete firmware from the server. By analyzing the firmware, they can extract sensitive data such as passwords, encryption keys, and configuration files. If leaked, this could lead to system compromise. Attackers can also access the firmware source code, modify it, and thereby gain full control over the device. 8. Remediation Recommendations: - Implement access control or authentication mechanisms to ensure strict authentication and authorization checks on the server side for all requests. - Validate firmware download requests by checking request origin, device ID, user ID, etc., to ensure requests come from legitimate devices and users. - Generate firmware download links dynamically on the server with short expiration times to prevent abuse. - Securely encrypt parameters such as to ensure safety during storage and transmission.