An issue in Hangzhou Xiongwei Technology Development Co., Ltd. Restaurant Digital Comprehensive Management platform v1 allows an attacker to bypass authentication and perform arbitrary password resets.
When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication.