CVE-2022-43704

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-43704
The Sinilink XY-WFT1 WiFi Remote Thermostat, running firmware 1.3.6, allows an attacker to bypass the intended requirement to communicate using MQTT. It is possible to replay Sinilink aka SINILINK521 protocol (udp/1024) commands interfacing directly with the target device. This, in turn, allows for an attack to control the onboard relay without requiring authentication via the mobile application. This might result in an unacceptable temperature within the target device's physical environment.

5.9 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2022-43704-capture-replay-vulnerability-in-sinilink-xy-wft1-thermostat/ Exploit Third Party Advisory
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2022-43704-capture-replay-vulnerability-in-sinilink-xy-wft1-thermostat/ Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:sinilink:xy-wft1_firmware:1.3.6:*:*:*:*:*:*:*
cpe:2.3:h:sinilink:xy-wft1:-:*:*:*:*:*:*:*
History

21 Nov 2024, 07:27

Type Values Removed Values Added
Summary
  • (es) El termostato remoto WiFi Sinilink XY-WFT1, que ejecuta el firmware 1.3.6, permite a un atacante eludir el requisito previsto de comunicarse mediante MQTT. Es posible reproducir comandos del protocolo Sinilink, también conocido como SINILINK521 (udp/1024), interactuando directamente con el dispositivo de destino. Esto, a su vez, permite que un ataque controle el relé integrado sin requerir autenticación a través de la aplicación móvil. Esto podría provocar una temperatura inaceptable en el entorno físico del dispositivo de destino.
References () https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2022-43704-capture-replay-vulnerability-in-sinilink-xy-wft1-thermostat/ - Exploit, Third Party Advisory () https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2022-43704-capture-replay-vulnerability-in-sinilink-xy-wft1-thermostat/ - Exploit, Third Party Advisory
Information

Published : 2023-01-20 17:15

Updated : 2025-04-02 16:15

NVD link : CVE-2022-43704

Mitre link : CVE-2022-43704

CVE.ORG link : CVE-2022-43704

JSON object : View

Products Affected

sinilink

  • xy-wft1
  • xy-wft1_firmware
CWE
CWE-294

Authentication Bypass by Capture-replay