漏洞描述
HA Bridge是家庭自动化桥,模拟 Philips Hue 灯光系统,可以控制其他系统,例如 Vera、Harmony Hub、Nest、MiLight灯泡或具有 http/https/tcp/udp 接口的任何其他系统。攻击者可通过该漏洞读取系统重要文件
HA-Bridge 网关应用 /api/devices/backup/download 文件读取漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2020-11853: Micro Focus Operations Bridge Manager <=2020.05 - Remote Code Execution
- POC CVE-2021-22502: Micro Focus Operations Bridge Reporter - Remote Code Execution
- POC CVE-2021-25112: WordPress WHMCS Bridge <6.4b - Cross-Site Scripting
- POC CVE-2025-4008: MeteoBridge <= 6.1 - Remote Code Execution
- POC CVE-2025-4008: MeteoBridge <= 6.1 - Remote Code Execution
- POC e-bridge-saveyzjfile-file-read: 泛微OA E-Bridge saveYZJFile 任意文件读取
- POC weaver-ebridge-addTasteJsonp-sqli: Weaver e-Bridge addTasteJsonp SQL Injection
- POC weaver-ebridge-checkmobile-sqli: Weaver E-Bridge CheckMobile SQL Injection
- POC commax-credentials-disclosure: COMMAX Smart Home Ruvie CCTV Bridge DVR - RTSP Credentials Disclosure
- POC exposed-adb: Exposed Android Debug Bridge
- 泛微云桥 e-Bridge checkMobile接口存在SQL注入漏洞
- Smartbedded MeteoBridge 存在远程命令执行漏洞(CVE-2025-4008)
- 泛微云桥 e-Bridge addTasteJsonp 接口存在SQL注入漏洞