https://blog.qife122.com/tags/cwe-290/ Recent content in CWE-290 on 办公AI智能小助手 Hugo zh-cn qife Sun, 14 Dec 2025 21:57:16 +0800 https://blog.qife122.com/p/%E5%9B%BA%E4%BB%B6%E6%BC%8F%E6%B4%9E%E9%A2%84%E8%AD%A6growatt-shinelan-x%E9%80%9A%E4%BF%A1%E6%A8%A1%E5%9D%97%E7%9A%84swd%E8%B0%83%E8%AF%95%E6%8E%A5%E5%8F%A3%E8%BA%AB%E4%BB%BD%E9%AA%8C%E8%AF%81%E7%BB%95%E8%BF%87cve-2025-36753/ Sun, 14 Dec 2025 21:57:16 +0800 https://blog.qife122.com/p/%E5%9B%BA%E4%BB%B6%E6%BC%8F%E6%B4%9E%E9%A2%84%E8%AD%A6growatt-shinelan-x%E9%80%9A%E4%BF%A1%E6%A8%A1%E5%9D%97%E7%9A%84swd%E8%B0%83%E8%AF%95%E6%8E%A5%E5%8F%A3%E8%BA%AB%E4%BB%BD%E9%AA%8C%E8%AF%81%E7%BB%95%E8%BF%87cve-2025-36753/ <h1 id="cve-2025-36753-growatt-shinelan-x-中由欺骗导致的身份验证绕过-cwe-290">CVE-2025-36753: Growatt ShineLan-X 中由欺骗导致的身份验证绕过 (CWE-290)</h1> <p><strong>严重性：高</strong> <strong>类型：漏洞</strong> <strong>CVE: CVE-2025-36753</strong></p> <p>Growatt ShineLan-X 通信模块的 SWD 调试接口默认可用，允许攻击者获得设备的调试访问权限，并从设备内部提取密钥或域。</p>