[VULNERABILITY ALERT] Ming-Xiang Technology | All-in-one Indoor Air Quality Monitor (IAQS) and Touch-type 7-inch IoT Warning Control System (I6) - Contains 2 Vulnerabilities

• Subject: [VULNERABILITY ALERT] Ming-Xiang Technology | All-in-one Indoor Air Quality Monitor (IAQS) and Touch-type 7-inch IoT Warning Control System (I6) - Contains 2 Vulnerabilities

• Content Description:
  • Forwarded from Taiwan Computer Emergency Response Team/Coordination Center (TWCERTCC) Security Alert TWCERTCC-200-202601-00000022
  • [Ming-Xiang Technology | All-in-one Indoor Air Quality Monitor (IAQS) and Touch-type 7-inch IoT Warning Control System (I6) - Client-Side Enforcement of Server-Side Security]
  • (CVE-2026-1363, CVSS: 9.8) The All-in-one Indoor Air Quality Monitor (IAQS) and Touch-type 7-inch IoT Warning Control System (I6) contain a Client-Side Enforcement of Server-Side Security vulnerability. An unauthenticated remote attacker can gain administrator privileges by adjusting the web front-end.
  • [Ming-Xiang Technology | All-in-one Indoor Air Quality Monitor (IAQS) and Touch-type 7-inch IoT Warning Control System (I6) - Missing Authentication]
  • (CVE-2026-1364, CVSS: 9.8) The All-in-one Indoor Air Quality Monitor (IAQS) and Touch-type 7-inch IoT Warning Control System (I6) contain a Missing Authentication vulnerability. An unauthenticated remote attacker can directly operate system management functions.
• Affected Platforms:
  • All-in-one Indoor Air Quality Monitor (IAQS) and Touch-type 7-inch IoT Warning Control System (I6)
• Recommended Actions:
  • The manufacturer has released patches for devices using M4 chips. Devices using M3 chips do not support updates; replacement is recommended. Please contact the manufacturer to confirm the chip used in the device and take corresponding measures.
• Reference Material:
  1. https://www.twcert.org.tw/tw/cp-132-10652-4cdca-1.html

Computer and Communication Center
Network Systems Division, Respectfully