PT-2026-60925 · Sipeed · Picoclaw
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Sipeed PicoClaw versions prior to 0.3.0
Description
An authentication bypass exists in the LINE Webhook component due to a capture-replay flaw. A remote attacker can exploit this by manipulating the
webhook.ParseRequest() function within the pkg/channels/line/line.go file. Capture-replay is a technique where a valid data transmission is recorded and then re-sent to the system to trick it into granting unauthorized access.Recommendations
Update Sipeed PicoClaw to version 0.3.0 or later.
As a temporary mitigation, restrict access to the LINE Webhook component to minimize the risk of exploitation.
Exploit
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Picoclaw