Print - 【Vulnerability Alert】Ming Xiang Technology Industrial Co., Ltd. | All-in-One Indoor Air Quality Sensor (IAQS) and 7-inch Touchscreen IoT Alert Control System (I6)

【Vulnerability Alert】Ming Xiang Technology Industrial Co., Ltd. | All-in-One Indoor Air Quality Sensor (IAQS) and 7-inch Touchscreen IoT Alert Control System (I6) – Two Vulnerabilities Identified

publish date : 2026-01-30 update date : 2026-02-02

Source: Ministry of education information & communication security contingency platform

"" "" ""


Publication Number	TACERT-ANA-2026012808013535	Publication Time	2026/01/28 08:49
Incident Type	ANA-Vulnerability Alert	Discovery Time	2026/01/28 08:49
Impact Level	Low
[Subject] 【Vulnerability Alert】Ming Xiang Technology Industrial Co., Ltd. \| All-in-One Indoor Air Quality Sensor (IAQS) and 7-inch Touchscreen IoT Alert Control System (I6) – Two Vulnerabilities Identified
[Content] Forwarded from TWCERTCC-200-202601-00000022 【Ming Xiang Technology Industrial Co., Ltd. \| All-in-One Indoor Air Quality Sensor (IAQS) and 7-inch Touchscreen IoT Alert Control System (I6) – Client-Side Enforcement of Server-Side Security】 (CVE-2026-1363, CVSS: 9.8) A Client-Side Enforcement of Server-Side Security vulnerability exists in the All-in-One Indoor Air Quality Sensor (IAQS) and the 7-inch Touchscreen IoT Alert Control System (I6). An unauthenticated remote attacker can obtain administrator privileges by manipulating the web front-end. 【Ming Xiang Technology Industrial Co., Ltd. \| All-in-One Indoor Air Quality Sensor (IAQS) and 7-inch Touchscreen IoT Alert Control System (I6) – Missing Authentication】 (CVE-2026-1364, CVSS: 9.8) A Missing Authentication vulnerability exists in the All-in-One Indoor Air Quality Sensor (IAQS) and the 7-inch Touchscreen IoT Alert Control System (I6). An unauthenticated remote attacker can directly operate system management functions." (Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform] All-in-One Indoor Air Quality Sensor (IAQS) and 7-inch Touchscreen IoT Alert Control System (I6)
[Recommended Actions] The vendor has released patches for devices using the M4 chipset. Devices using the M3 chipset do not support updates, and replacement is recommended. Please contact the vendor to confirm the chipset used by your device and take the corresponding actions.
[Reference] https://www.twcert.org.tw/tw/cp-132-10652-4cdca-1.html

(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw