Xiaozhi Esp32
Monthly
Denial-of-service in xiaozhi-esp32 MQTT firmware (versions up to 2.2.6) allows a remote attacker to crash the device's MQTT session handler by sending a crafted goodbye message containing a non-string session_id field. The MQTT Goodbye Handler in mqtt_protocol.cc fails to validate the cJSON type of the session_id node before dereferencing its valuestring member, producing undefined behavior that terminates the session. A public proof-of-concept exists (GitHub issue #2022), but attack complexity is rated high (AC:H) and the vulnerability is not listed in the CISA KEV catalog, suggesting exploitation requires deliberate effort rather than opportunistic scanning.
Improper response routing in xiaozhi-esp32 firmware up to version 2.2.6 allows any authenticated WebSocket client to receive MCP (Model Context Protocol) responses intended for other connected clients, enabling cross-client information disclosure and low-integrity interference. The flaw resides in the ParseMessage function within main/mcp_server.cc, where the MCP Response Handler broadcasts responses globally to all connected WebSocket clients on port 8080 rather than routing replies back to the originating client. A public proof-of-concept is available via GitHub issue #2020; no active exploitation has been confirmed in CISA KEV, and the CVSS 4.0 score of 2.3 reflects high attack complexity and limited overall impact in this niche IoT context.
Denial-of-service in xiaozhi-esp32 MQTT firmware (versions up to 2.2.6) allows a remote attacker to crash the device's MQTT session handler by sending a crafted goodbye message containing a non-string session_id field. The MQTT Goodbye Handler in mqtt_protocol.cc fails to validate the cJSON type of the session_id node before dereferencing its valuestring member, producing undefined behavior that terminates the session. A public proof-of-concept exists (GitHub issue #2022), but attack complexity is rated high (AC:H) and the vulnerability is not listed in the CISA KEV catalog, suggesting exploitation requires deliberate effort rather than opportunistic scanning.
Improper response routing in xiaozhi-esp32 firmware up to version 2.2.6 allows any authenticated WebSocket client to receive MCP (Model Context Protocol) responses intended for other connected clients, enabling cross-client information disclosure and low-integrity interference. The flaw resides in the ParseMessage function within main/mcp_server.cc, where the MCP Response Handler broadcasts responses globally to all connected WebSocket clients on port 8080 rather than routing replies back to the originating client. A public proof-of-concept is available via GitHub issue #2020; no active exploitation has been confirmed in CISA KEV, and the CVSS 4.0 score of 2.3 reflects high attack complexity and limited overall impact in this niche IoT context.