Aikaan IoT Management Platform Authentication Bypass Vulnerability via Sign-Up API
Vulnerability
An authentication bypass vulnerability has been identified in the Aikaan IoT management platform, version 3.25.0325-5-g2e9c59796. The platform allows unauthenticated users to register accounts through a sign-up API endpoint even when the sign-up feature has been disabled via the web interface; the "disabled" setting is honoured by the web UI but not enforced by the API itself. This oversight creates a loophole that could be exploited to gain unauthorized access to admin portals, undermining the platform's access control measures.
Impact
Exploitation of this vulnerability allows for unauthorized account creation, bypassing intended access controls. This could lead to unauthorized access to administrative functionalities or portals.
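The bug class above (a feature toggle enforced only in the web UI, never in the API handler) is illustrated below with a hypothetical minimal sign-up handler. This is added example code, not Aikaan's implementation: the settings keys, request shape, endpoint path and log format are all assumptions. It shows the vulnerable pattern beside the server-side fix, plus a small audit over constructed log lines that flags account creations recorded while sign-up was disabled.

```python
from dataclasses import dataclass, field

@dataclass
class PlatformSettings:
    """Hypothetical settings store; the web UI flips signup_enabled."""
    signup_enabled: bool = False
    users: dict = field(default_factory=dict)

def signup_vulnerable(settings: PlatformSettings, payload: dict):
    """Bug pattern: the UI hides the sign-up form when the feature is off,
    but the API handler never consults the setting, so direct calls succeed."""
    username = payload["username"]
    if username in settings.users:
        return 409, {"error": "user exists"}
    # Assumption for illustration: role is taken from the request as well.
    settings.users[username] = {"role": payload.get("role", "user")}
    return 201, {"created": username}

def signup_hardened(settings: PlatformSettings, payload: dict):
    """Fix: enforce the toggle in the API handler itself (the UI check is
    only cosmetic) and never trust a caller-supplied role."""
    if not settings.signup_enabled:
        return 403, {"error": "self-registration is disabled"}
    username = payload["username"]
    if username in settings.users:
        return 409, {"error": "user exists"}
    settings.users[username] = {"role": "user"}  # server-assigned, least privilege
    return 201, {"created": username}

# Constructed access-log sample: "<timestamp> <method> <path> <status>".
LOG_SAMPLE = [
    "2000-01-01T10:00:00Z POST /api/login 200",
    "2000-01-01T10:00:05Z POST /api/signup 201",
    "2000-01-01T10:00:09Z POST /api/signup 409",
    "2000-01-01T10:00:12Z GET /api/admin/devices 200",
]

def audit_signups(log_lines, signup_enabled: bool):
    """Detection aid: return successful sign-up requests (HTTP 201 on the
    sign-up path) logged during a period when the feature was disabled."""
    if signup_enabled:
        return []
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) >= 4 and parts[1] == "POST" \
                and parts[2].endswith("/signup") and parts[3] == "201":
            hits.append(line)
    return hits
```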