CVE-2022-43704

Name of the Vulnerable Software and Affected Versions Sinilink XY-WFT1 WiFi Remote Thermostat version 1.3.6

Description The issue allows an attacker to bypass the intended requirement to communicate using MQTT, enabling them to replay Sinilink aka SINILINK521 protocol commands via udp/1024 to interface directly with the target device. This allows for an attack to control the onboard relay without requiring authentication via the mobile application, potentially resulting in an unacceptable temperature within the target device's physical environment.

Recommendations For Sinilink XY-WFT1 WiFi Remote Thermostat version 1.3.6, consider disabling the replay of Sinilink aka SINILINK521 protocol commands as a temporary workaround until a patch is available. Restrict access to the udp/1024 interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.