【資安漏洞預警】銘祥科技實業|多合一室內空氣品質監測器(IAQS)與觸控型7吋IoT預警控制系統(I6)- 存在2個漏洞
[Security Vulnerability Alert] JNC Technology | All-in-One Indoor Air Quality Monitor (IAQS) and Touchscreen 7-inch IoT Early Warning Control System (I6) - Two Vulnerabilities Exist

發布單位:圖資處數位服務組
日期範圍:2026/1/29 ~ 2026/7/29
 
發布單位:圖資處數位服務組
日期範圍:2026/1/29 ~ 2026/7/29
行政 行政公告
全體

轉發 台灣電腦網路危機處理暨協調中心 資安訊息警訊 TWCERTCC-200-202601-00000022

[內容說明]
【銘祥科技實業|多合一室內空氣品質監測器(IAQS)與觸控型7吋IoT預警控制系統(I6)- Client-Side Enforcement of Server-Side Security】
( CVE-2026-1363,CVSS:9.8) 多合一室內空氣品質監測器(IAQS)與觸控型7吋IoT預警控制系統(I6)存在Client-Side Enforcement of Server-Side Security漏洞,未經身分鑑別之遠端攻擊者可透過調整網頁前端取得管理者權限。

【銘祥科技實業|多合一室內空氣品質監測器(IAQS)與觸控型7吋IoT預警控制系統(I6)- Missing Authentication】
( CVE-2026-1364,CVSS:9.8) 多合一室內空氣品質監測器(IAQS)與觸控型7吋IoT預警控制系統(I6)存在Missing Authentication漏洞,未經身分鑑別之遠端攻擊者可直接操作系統管理功能。

[影響平台]
多合一室內空氣品質監測器(IAQS)與觸控型7吋IoT預警控制系統(I6)

[建議措施]
廠商已針對使用M4晶片之設備釋出修補,使用M3晶片之設備不支援更新,建議進行更換。請聯繫廠商確認設備使用之晶片並採取對應措施。

[參考資料]
1. https://www.twcert.org.tw/tw/cp-132-10652-4cdca-1.html

Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202601-00000022

[Content Description]
【JNC Technology | All-in-One Indoor Air Quality Monitor (IAQS) and Touchscreen 7-inch IoT Early Warning Control System (I6) - Client-Side Enforcement of Server-Side Security】
(CVE-2026-1363, CVSS: 9.8) The All-in-One Indoor Air Quality Monitor (IAQS) and Touchscreen 7-inch IoT Early Warning Control System (I6) contain a Client-Side Enforcement of Server-Side Security vulnerability. An unauthenticated remote attacker could gain administrator privileges by modifying the webpage front end.

【JNC Technology | All-in-One Indoor Air Quality Monitor (IAQS) and Touchscreen 7-inch IoT Early Warning Control System (I6) - Missing Authentication Vulnerability】
(CVE-2026-1364, CVSS: 9.8) The All-in-One Indoor Air Quality Monitor (IAQS) and Touchscreen 7-inch IoT Early Warning Control System (I6) contain a Missing Authentication vulnerability. An unauthenticated remote attacker can directly access the system's management functions.

[Affected Platforms]
All-in-One Indoor Air Quality Monitor (IAQS) and Touchscreen 7-inch IoT Early Warning Control System (I6)

[Recommended Actions]
The manufacturer has released a patch for devices using the M4 chip. Devices using the M3 chip do not support the update and are recommended to be replaced. Please contact the manufacturer to confirm the chip used in your device and take appropriate measures.

[References]
1. https://www.twcert.org.tw/tw/cp-132-10652-4cdca-1.html


相關附件
system_update_alt參考資料
【返回上頁】
Top↑