Key vulnerability information

Vulnerability name: Authentication Bug in Hindotech HK1 TV Box
Severity: 9.3 out of 10 on the CVSS severity scale
Impact: Allows arbitrary code execution as root, leading to data theft of social media tokens, Wi-Fi passwords, cookies, saved passwords, user location data, message history, emails, contacts, etc.
Specific issue: Lack of authentication in the debugging functions of the set-top box, specifically the UART serial debugging port and Android Debug Bridge (adb)
Affected device: Hindotech HK1 TV Box S905X3, an Android-based streaming box
Potential attack methods: Attackers can escalate privileges, access sensitive data, and sniff network traffic on the same network.
Vendor response: No response from the vendor, Shenzhen Hindo, or Amlogic.
Research team: Sick.Codes

Related links
WarezTheRemote attack in Comcast's XR11 voice remote control

Tags
IoT Vulnerabilities Web Security