70 matches found
Forever CALL ME KW-50和Forever CALL ME KW-60 安全漏洞
The Forever CALL ME KW-50 and Forever CALL ME KW-60 are both children's phone watches from Forever. Forever CALL ME KW-50 R36YDRA3PWGM7SV1.02019071516.19.24cobh version and Forever CALL ME KW-60 R36CWYDES4A292V1.02023.05.2422.49.44 A security vulnerability exists in the cobb version, which stems...
PT-2024-12703 · Tcl +1 · Tcl 30Z +4
Name of the Vulnerable Software and Affected Versions: TCL 30Z versions 12/SP1A.210812.016/LV8E through 12/SP1A.210812.016/vU6X TCL A3X versions 11/RKQ1.201202.002/vAAZ through 11/RKQ1.201202.002/vABS TCL 20XE versions 11/RP1A.200720.011/PB7I-0 through 11/RP1A.200720.011/PB83-0 TCL 10L versions...
PT-2022-25095 · Samsung · Exynos
Name of the Vulnerable Software and Affected Versions: Exynos baseband versions prior to SMR DEC-2022 Release 1 Description: The issue concerns improper authorization, allowing a remote attacker to obtain sensitive information, including the IMEI, via an emergency call. Recommendations: For...
Securing your IoT with Edge Secured-core devices
A recent study conducted by Microsoft in partnership with Ponemon Institute included a survey of companies that have adopted IoT solutions and 65 percent of them mentioned that security is a top priority when implementing IoT. Attacks targeting IoT devices put businesses at risk. Impacted devices...
CVE-2021-41849
An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It sends the following Personally Identifiable Information PII in plaintext using HTTP to servers located in China: user's list of installed apps and device International Mobile Equipment Identity IMEI. This PII is transmitted to...
Identity in IoT
NOTE: This was originally posted on 19 Jun 2020 but I decided that a rewrite was in order, for clarity and better flow. Identity is important in the Internet of Things Device identity is one of the most important security challenges in IoT. If you get identity management wrong, you run a...
CVE-2019-11419
vcodec2hlsfilter in libvoipCodecv7a.so in the WeChat application through 7.0.3 for Android allows attackers to cause a denial of service application crash by replacing an emoji file under the /sdcard/tencent/MicroMsg directory with a crafted .wxgf file. The content of the replacement must be...
Design/Logic Flaw
On the iOS platform, the ThreatMetrix SDK versions prior to 3.2 fail to validate SSL certificates provided by HTTPS connections, which may allow an attacker to perform a man-in-the-middle MITM attack. ThreatMetrix is a security library for mobile applications, which aims to provide fraud preventi...
Unspecified vulnerability in Google Android Qualcomm component (CNVD-2017-27869)
Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA in the U.S. Qualcomm is one of the Qualcomm components used in Qualcomm devices. An unspecified vulnerability exists in the Google Android Qualcomm component, where the UE may send...
XenMobile not renewing Device Identify Cert automatically on iOS devices
The device identity certificates apple profile, apple mdm , ios agent that are pushed from the Xenmobile is valid from the date of enrollment for 2 years . The certificate shouldrenew automatically. However these three certificates are not renewed and hence the device becomes unamanaged and all...