본문내용 바로가기 메인메뉴 바로가기 푸터 바로가기

Security Advisory

CVE-2021-26637 | SiHAS Improper Authentication vulnerability2022.06.22
□ Overview
 o Shina System Co.,Ltd released security update to address Improper Authentication vulnerability in SiHAS product.
Vulnerability
Vulnerability Type Impact Severity CVSS Score CVE ID
Improper Authentication Information exposure
and remote control
High 8.8 CVE-2021-26637

□ Description
 o There is no account authentication and permission check logic in the firmware and existing apps of SiHAS's SGW-300, ACM-300, GCM-300, so unauthorized users can remotely control the device.

□ Affected Product
Affected Product
Product Version Platform
SiHAS firmware / old app 1.xx / old app Android, iOS

□ Solution
 o Update firmware over version 2.xx or higher and install Sihas New App

□ Reference
[1] https://sihas.co.kr
[2] https://play.google.com/store/apps/details?id=com.sihas_new_app&hl=en_KR&gl=kr
[3] https://apps.apple.com/tc/app/id1582092249

□ Acknowledgements
 o Thanks to Choe Simhyeon for reporting this vulnerability.


□ 작성 : 침해사고분석단 취약점분석팀