CVE-2022-45636

2023-03-2100:00:00

mitre

www.cve.org

megafeis

bofei dbd+

ios & android

unauthorized access

api requests

cve-2022-45636

8.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.2%

JSON

An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to unlock model(s) without authorization via arbitrary API requests.

References

github.com/WithSecureLabs/megafeis-palm/tree/main/CVE-2022-45636

labs.withsecure.com/advisories/insecure-authorization-scheme-for-api-requests-in-dbd--mobile-co