18 matches found
CVE-2025-50944
An issue was discovered in the method push.lite.avtech.com.MySSLSocketFactoryNew.checkServerTrusted in AVTECH EagleEyes 2.0.0. The custom X509TrustManager used in checkServerTrusted only checks the certificate's expiration date, skipping proper TLS chain validation...
CVE-2025-46408
An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.PushHttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. The methods set ALLOWALLHOSTNAMEVERIFIER, bypassing domain validation...
CVE-2025-46408
An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.PushHttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. The methods set ALLOWALLHOSTNAMEVERIFIER, bypassing domain validation...
CVE-2025-50110
An issue was discovered in the method push.lite.avtech.com.AvtechLib.GetHttpsResponse in AVTECH EagleEyes Lite 2.0.0, the GetHttpsResponse method transmits sensitive information - including internal server URLs, account IDs, passwords, and device tokens - as plaintext query parameters over HTTPS...
CVE-2025-46408
An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.PushHttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. The methods set ALLOWALLHOSTNAMEVERIFIER, bypassing domain validation...
CVE-2025-50944
An issue was discovered in the method push.lite.avtech.com.MySSLSocketFactoryNew.checkServerTrusted in AVTECH EagleEyes 2.0.0. The custom X509TrustManager used in checkServerTrusted only checks the certificate's expiration date, skipping proper TLS chain validation...
CVE-2025-46408
An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.PushHttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. The methods set ALLOWALLHOSTNAMEVERIFIER, bypassing domain validation...
PT-2025-37565
Name of the Vulnerable Software and Affected Versions: AVTECH EagleEyes Lite version 2.0.0 Description: The GetHttpsResponse method transmits sensitive information – including internal server URLs, account IDs, passwords, and device tokens – as plaintext query parameters over HTTPS. The affected...
PT-2025-37564
Name of the Vulnerable Software and Affected Versions: AVTECH EagleEyes version 2.0.0 Description: An issue was discovered in the GetHttpsResponse method of push.lite.avtech.com.AvtechLib and the getNewHttpClient method of push.lite.avtech.com.Push HttpService. These methods set ALLOW ALL HOSTNAM...
CVE-2025-50110
An issue was discovered in the method push.lite.avtech.com.AvtechLib.GetHttpsResponse in AVTECH EagleEyes Lite 2.0.0, the GetHttpsResponse method transmits sensitive information - including internal server URLs, account IDs, passwords, and device tokens - as plaintext query parameters over HTTPS...
CVE-2025-50944
An issue was discovered in the method push.lite.avtech.com.MySSLSocketFactoryNew.checkServerTrusted in AVTECH EagleEyes 2.0.0. The custom X509TrustManager used in checkServerTrusted only checks the certificate's expiration date, skipping proper TLS chain validation...
CVE-2025-50110
CVE-2025-50110 affects AVTECH EagleEyes Lite 2.0.0. The GetHttpsResponse method transmits sensitive data (internal server URLs, account IDs, passwords, device tokens) as plaintext in URL query parameters over HTTPS, creating a cleartext leakage risk and credential exposure. The vulnerability is d...
CVE-2025-50944
CVE-2025-50944 affects AVTECH EagleEyes 2.0.0. The vulnerability is in push.lite.avtech.com.MySSLSocketFactoryNew.checkServerTrusted where a custom X509TrustManager only checks certificate expiration date and does not perform proper TLS chain validation, enabling potential MITM or improper trust ...
CVE-2025-46408
CVE-2025-46408 affects AVTECH EagleEyes 2.0.0. The vulnerability arises in AVTECH’s code paths push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.Push_HttpService.getNewHttpClient, where the code calls ALLOW_ALL_HOSTNAME_VERIFIER, bypassing hostname/domain validation during ...
CVE-2025-46408
An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.PushHttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. The methods set ALLOWALLHOSTNAMEVERIFIER, bypassing domain validation...
AVTECH EagleEyes Lite 安全漏洞
AVTECH EagleEyes Lite is a remote instant monitoring mobile application from AVTECH, a Taiwan, China-based company. A security vulnerability exists in AVTECH EagleEyes Lite version 2.0.0, which originates from the GetHttpsResponse method transmitting sensitive information with explicit query...
AVTECH EagleEyes 安全漏洞
AVTECH EagleEyes is a remote instant monitoring mobile application from AVTECH, a Taiwan, China-based company. A security vulnerability exists in AVTECH EagleEyes version 2.0.0, which originates from a custom X509TrustManager that only checks the certificate expiration date and skips TLS chain...
PT-2025-37566
Name of the Vulnerable Software and Affected Versions: AVTECH EagleEyes version 2.0.0 Description: The custom X509TrustManager used in the checkServerTrusted function only checks the certificate's expiration date, bypassing proper TLS chain validation. Recommendations: At the moment, there is no...