CNNVD-202601-3826 Information

CNNVD ID

CNNVD-202601-3826

Related CVE

CVE-2025-64097

• CNNVD Published: 2026-01-22

Description (Chinese)

NervesHub是NervesHub开源的一个管理Nerves设备的固件更新的软件。 NervesHub 1.0.0版本至2.3.0之前版本存在安全特征问题漏洞，该漏洞源于令牌格式可预测且非加密安全，可能导致暴力破解用户API令牌，造成未授权访问。

Description (English)

NervesHub is an updated software for the management of the Nerves equipment from the NervesHub open source. There is a security feature loophole in the pre-NervesHub 1.0.0 to 2.3.0, which stems from the predictable and unencrypted security of the token format, which can lead to violent break-up of the user API token, resulting in unauthorized access.

Hazard Level

Low

Vulnerability Type

安全特征问题

Affected Vendor

NervesHub

Published

2026-01-22

Last Modified

2026-02-24

References

https://github.com/nerves-hub/nerves_hub_web/pull/2024 https://github.com/nerves-hub/nerves_hub_web/releases/tag/v2.3.0 https://github.com/nerves-hub/nerves_hub_web/security/advisories/GHSA-m9vj-776q-vc8m

Patch

https://www.nerves-hub.org/