CVE-2022-43704

MEDIUM

Sinilink XY-WFT1 WiFi Remote Thermostat <1.3.6 - Auth Bypass

Title source: llm

Description

The Sinilink XY-WFT1 WiFi Remote Thermostat, running firmware 1.3.6, allows an attacker to bypass the intended requirement to communicate using MQTT. It is possible to replay Sinilink aka SINILINK521 protocol (udp/1024) commands interfacing directly with the target device. This, in turn, allows for an attack to control the onboard relay without requiring authentication via the mobile application. This might result in an unacceptable temperature within the target device's physical environment.

Exploits (1)

nomisec WORKING POC 5 stars

by 9lyph · poc

https://github.com/9lyph/CVE-2022-43704

View Code ZIP pw:eip

References (1)

[Exploit, Third Party Advisory] https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2022-43704-capture-replay-vulnerability-in-sinilink-xy-wft1-thermostat/

Scores

CVSS v3 5.9

EPSS 0.0163

EPSS Percentile 82.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-294

Status published

Products (1)

sinilink/xy-wft1_firmware 1.3.6

Published Jan 20, 2023

Tracked Since Feb 18, 2026