CVE-2026-50087

Aqara · IAM/SSO Gateway

The Aqara IAM/SSO gateway contains an overly permissive Cross-Origin Resource Sharing (CORS) policy, allowing unauthorized cross-origin requests.

Executive summary

An overly permissive CORS policy in the Aqara IAM/SSO gateway exposes user sessions and credentials to unauthorized cross-origin access.

Vulnerability

The gateway is affected by a permissive cross-domain policy weakness (CWE-942, Permissive Cross-domain Policy with Untrusted Domains) caused by an overly permissive Cross-Origin Resource Sharing (CORS) configuration. CORS response headers are how a server tells the browser which foreign origins may read its responses; when the policy trusts origins it should not (for example, by reflecting an arbitrary Origin header while also allowing credentials), a script on an attacker-controlled site can send requests that carry the victim's session cookies and read the gateway's responses, bypassing the browser's same-origin policy. This can lead to the theft of user credentials and session information.
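The mechanism described above, as an added example that is not code from Aqara or from the gateway itself: a gateway handler that reflects any Origin while allowing credentials, next to a simplified model of the browser-side CORS check that decides whether the calling page may read the response. The header names are real; the origins, endpoint, cookie value and response body are constructed for the example.

```javascript
// Added example, not Aqara code: models the browser's CORS read check and a
// gateway that reflects any Origin while allowing credentials (the CWE-942
// pattern). Header names are real; origins, endpoint, cookie value and
// response body are constructed.

// Over-permissive policy: echo whatever Origin the caller sent and allow
// credentials, so every site on the web is treated as trusted.
function permissiveCorsHeaders(requestOrigin) {
  return {
    "Access-Control-Allow-Origin": requestOrigin,
    "Access-Control-Allow-Credentials": "true",
  };
}

// Simplified model of the browser-side check from the Fetch standard: a
// script may read the response only if Access-Control-Allow-Origin equals the
// page's origin (or is "*" for requests sent without credentials). Requests
// that carry cookies additionally need Access-Control-Allow-Credentials: true,
// and "*" is rejected for them.
function browserAllowsRead(pageOrigin, responseHeaders, credentialed) {
  const acao = responseHeaders["Access-Control-Allow-Origin"];
  const acac = responseHeaders["Access-Control-Allow-Credentials"];
  if (acao === undefined) return false;
  if (credentialed) return acao === pageOrigin && acac === "true";
  return acao === "*" || acao === pageOrigin;
}

// Stand-in for a gateway endpoint that returns the caller's session. The
// browser attaches the SSO cookie automatically on a credentialed request,
// which is what makes the reflected origin dangerous.
function sessionEndpoint(requestOrigin, cookieHeader) {
  const loggedIn = cookieHeader === "sso_session=VICTIM";
  const body = loggedIn
    ? { user: "victim@example.com", sessionToken: "sess-token-123" }
    : { error: "unauthenticated" };
  return {
    status: loggedIn ? 200 : 401,
    headers: permissiveCorsHeaders(requestOrigin),
    body,
  };
}

// Outcome of a page on `pageOrigin` (e.g. https://attacker.example) running,
// in the victim's browser:
//   fetch("https://sso.example/session", { credentials: "include" })
// Returns the body the attacker's script can read, or null if the browser
// would have withheld the response.
function attackerReadsSession(pageOrigin) {
  const res = sessionEndpoint(pageOrigin, "sso_session=VICTIM");
  return browserAllowsRead(pageOrigin, res.headers, true) ? res.body : null;
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(attackerReadsSession("https://attacker.example"));
}
```

The point of the model is that the server, not the browser, decides which origins are trusted: once the gateway echoes the caller's Origin, the browser's check passes for every site, and the session data in the response is readable by the attacker's script. Note that a non-browser client is never subject to this check at all; CORS only governs what a page running in someone else's browser may read.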

Business impact

With a CVSS score of 8.2, this vulnerability represents a significant risk to identity management and single sign-on security. Exploitation requires only that a user with an active gateway session visits a page under the attacker's control; from that page the attacker's script can make credentialed requests to the gateway and read the responses. An attacker could thereby hijack user sessions or gain unauthorized access to protected resources, leading to potential data breaches and widespread compromise of user accounts.

Remediation

Immediate Action: Apply vendor security updates as soon as they become available to correct the CORS policy configuration.

Proactive Monitoring: Monitor gateway logs for cross-origin requests whose Origin header names a domain that is not on the list of trusted origins. Many gateways do not record the Origin header by default, so confirm it is captured (ideally together with the Access-Control-Allow-Origin value the gateway returned) before relying on this detection.

Compensating Controls: Until the fix is applied, configure a Web Application Firewall (WAF) or server-level policy to enforce strict CORS headers: allow only an explicit, exact-match list of trusted origins, never reflect the request's Origin header, and return no Access-Control-Allow-Origin header for requests from any other origin, which is what causes the browser to withhold the response from the calling page. Blocking such requests outright at the WAF is also an option, but a non-browser client can set any Origin value it likes, so this is a browser-side protection rather than an authentication control.
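The strict allowlist policy from the compensating-controls item and the log review from the monitoring item, as one added example (not code from Aqara or from the gateway): an exact-match origin allowlist, the CORS headers a hardened endpoint should return for trusted and untrusted callers, and a scanner that flags log entries whose Origin falls outside the allowlist. The allowlist entries, the log line format and the sample log lines are constructed; adapt the regular expression to the gateway's real log layout.

```javascript
// Added example, not vendor code: strict CORS origin allowlist plus a log
// scanner for requests from untrusted origins. The allowlist, log format and
// sample log lines are constructed for the example.

const TRUSTED_ORIGINS = new Set([
  "https://app.example.com",
  "https://admin.example.com",
]);

// Exact-match comparison on the full origin (scheme + host + port). Avoid
// substring or regex checks such as /example\.com$/, which also match
// https://app.example.com.evil.example, and never reflect the Origin blindly.
function isTrustedOrigin(origin) {
  return typeof origin === "string" && TRUSTED_ORIGINS.has(origin);
}

// CORS headers for a credentialed SSO endpoint. Untrusted origins get no
// Access-Control-Allow-Origin at all, so the browser refuses to expose the
// response to the calling page. "Vary: Origin" stops a shared cache from
// replaying one origin's headers to a different origin.
function strictCorsHeaders(requestOrigin) {
  if (!isTrustedOrigin(requestOrigin)) {
    return { Vary: "Origin" };
  }
  return {
    "Access-Control-Allow-Origin": requestOrigin,
    "Access-Control-Allow-Credentials": "true",
    "Access-Control-Allow-Methods": "GET, POST",
    "Access-Control-Allow-Headers": "Content-Type, Authorization",
    Vary: "Origin",
  };
}

// Constructed access-log layout that records the Origin header:
//   <timestamp> <client ip> "<method> <path>" <status> origin="<value>"
// where "-" means the header was absent (same-origin navigation or a
// non-browser client).
const LOG_LINE = /^(\S+) (\S+) "(\S+) (\S+)" (\d{3}) origin="([^"]*)"$/;

// Detection: report every request whose Origin is present but not on the
// allowlist. The literal value "null" (sent by sandboxed iframes and data:
// URLs) is reported too; it must never be added to an allowlist.
function findUntrustedOriginRequests(logText) {
  const hits = [];
  for (const raw of logText.split("\n")) {
    const m = LOG_LINE.exec(raw.trim());
    if (!m) continue;
    const [, ts, clientIp, method, path, status, origin] = m;
    if (origin === "-") continue;
    if (!isTrustedOrigin(origin)) {
      hits.push({ ts, clientIp, method, path, status: Number(status), origin });
    }
  }
  return hits;
}

// Constructed sample log lines.
const SAMPLE_LOG = `
2026-01-10T12:00:01Z 203.0.113.7 "GET /session" 200 origin="https://app.example.com"
2026-01-10T12:00:02Z 198.51.100.9 "GET /session" 200 origin="https://attacker.example"
2026-01-10T12:00:03Z 198.51.100.9 "OPTIONS /oauth/token" 204 origin="null"
2026-01-10T12:00:04Z 203.0.113.8 "POST /oauth/token" 200 origin="-"
2026-01-10T12:00:05Z 203.0.113.9 "GET /userinfo" 200 origin="https://app.example.com.evil.example"
`;

if (typeof require !== "undefined" && require.main === module) {
  console.log(findUntrustedOriginRequests(SAMPLE_LOG));
}
```

Running the scanner over the sample flags three entries: the attacker-controlled origin, the "null" origin on the preflight, and the look-alike host that a suffix match would have accepted. Requests with no Origin header are skipped rather than flagged, since they are not cross-origin browser requests; they still deserve the gateway's normal authentication checks.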

Exploitation status

Public Exploit Available: not recorded (field empty)

Analyst recommendation

Access control vulnerabilities in identity gateways are critical points of failure. Organizations should review the CORS configuration of any exposed identity gateway, confirm that permitted origins are an explicit, exact-match allowlist rather than a reflection of the request's Origin header, and apply vendor-provided patches or mitigations so that cross-origin access is restricted to legitimate, trusted domains only.