Lucene search
K

137 matches found

Prion
Prion
added 2022/12/16 8:15 p.m.16 views

Command injection

The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input. An unauthenticated attacker on the same network segment as the router can execute arbitrary commands on the device without authentication...

5.8CVSS9.3AI score0.01203EPSS
Exploits0References1Affected Software6
OSV
OSV
added 2022/12/08 4:15 p.m.6 views

CVE-2022-45877

OpenHarmony-v3.1.4 and prior versions had an vulnerability. PIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks...

5.3CVSS5.8AI score0.00169EPSS
Exploits0References1
Prion
Prion
added 2022/12/08 4:15 p.m.13 views

Cross site scripting

OpenHarmony-v3.1.4 and prior versions had an vulnerability. PIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks...

1.8CVSS5.4AI score0.00169EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/12/08 12:0 a.m.10 views

CVE-2022-45877 PIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks.

OpenHarmony-v3.1.4 and prior versions had an vulnerability. PIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks...

8.3CVSS7AI score0.00169EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/12/08 12:0 a.m.4 views

OpenHarmony 授权问题漏洞

OpenHarmony is a kind of Hongmeng operating system open source project of China OpenAtom Foundation OpenAtom Foundation Foundation. A security vulnerability exists in OpenHarmony-v3.1.4 and earlier versions, which stems from a PIN code being transmitted in plaintext to the opposite device during...

8.3CVSS5.8AI score0.00169EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/12/08 12:0 a.m.17 views

CVE-2022-45877 PIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks.

OpenHarmony-v3.1.4 and prior versions had an vulnerability. PIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks...

8.3CVSS8.4AI score0.00169EPSS
Exploits0References1
CVE
CVE
added 2022/12/08 12:0 a.m.69 views

CVE-2022-45877

OpenHarmony v3.1.4 and earlier are affected by CVE-2022-45877, where the PIN code is transmitted in plaintext during cross-device authentication, enabling easier MITM attempts. Affected component: cross-device authentication flow in OpenHarmony before 3.1.4. Root cause: PIN code transmitted in pl...

8.3CVSS6.2AI score0.00169EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/09/29 1:42 a.m.32 views

CVE-2020-11015 Device Authentication Vulnerability in thinx-device-api IoT Device Management Server

A vulnerability has been disclosed in thinx-device-api IoT Device Management Server before version 2.5.0. Device MAC address can be spoofed. This means initial registration requests without UDID and spoofed MAC address may pass to create new UDID with same MAC address. Full impact needs to be...

7.5CVSS9.2AI score0.00717EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/09/29 1:42 a.m.4 views

CVE-2020-11015 Device Authentication Vulnerability in thinx-device-api IoT Device Management Server

A vulnerability has been disclosed in thinx-device-api IoT Device Management Server before version 2.5.0. Device MAC address can be spoofed. This means initial registration requests without UDID and spoofed MAC address may pass to create new UDID with same MAC address. Full impact needs to be...

7.5CVSS9.2AI score0.00717EPSS
Exploits0References1
Microsoft KB
Microsoft KB
added 2022/09/20 12:0 a.m.8 views

September 20, 2022—KB5017379 (OS Build 17763.3469) Preview

September 20, 2022—KB5017379 OS Build 17763.3469 Preview REMINDER 9/20/22 After today, September 20, 2022, there will no longer be optional, non-security releases known as "C" or preview releases for the 2019 LTSC editions and Windows Server 2019. Only cumulative monthly security updates known as...

6.9AI score
Exploits0
NVD
NVD
added 2022/04/11 8:15 p.m.16 views

CVE-2021-46740

The device authentication service module has a defect vulnerability introduced in the design process.Successful exploitation of this vulnerability may affect data confidentiality...

7.5CVSS0.00725EPSS
Exploits0References2
OSV
OSV
added 2022/04/11 8:15 p.m.4 views

CVE-2021-46740

The device authentication service module has a defect vulnerability introduced in the design process.Successful exploitation of this vulnerability may affect data confidentiality...

7.5CVSS7.1AI score0.00725EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/04/11 8:15 p.m.8 views

CVE-2021-46740

The device authentication service module has a defect vulnerability introduced in the design process.Successful exploitation of this vulnerability may affect data confidentiality...

7.5CVSS7.2AI score0.00725EPSS
Exploits0References3Affected Software2
Prion
Prion
added 2022/04/11 8:15 p.m.20 views

Design/Logic Flaw

The device authentication service module has a defect vulnerability introduced in the design process.Successful exploitation of this vulnerability may affect data confidentiality...

5CVSS7.6AI score0.00725EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2022/04/11 7:38 p.m.86 views

CVE-2021-46740

CVE-2021-46740 relates to Huawei HarmonyOS: a defect in the device authentication service module introduced during design, enabling a confidentiality-impacting vulnerability. Connected sources describe an authorization issue that could allow bypassing web authentication and grant administrative a...

7.5CVSS7.6AI score0.00725EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2022/04/11 7:38 p.m.16 views

CVE-2021-46740

The device authentication service module has a defect vulnerability introduced in the design process.Successful exploitation of this vulnerability may affect data confidentiality...

7.8AI score0.00725EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/04/05 12:0 a.m.4 views

Huawei HarmonyOS 授权问题漏洞

Huawei HarmonyOS is an operating system from Huawei China. An authorization issue vulnerability exists in the Huawei HarmonyOS device authentication service module. Successful exploitation of this vulnerability could result in compromised confidentiality. An attacker could use this vulnerability ...

7.5CVSS5.7AI score0.00725EPSS
Exploits0References4
Prion
Prion
added 2021/10/25 11:15 a.m.11 views

Design/Logic Flaw

Incorrect calculation of buffer size vulnerability in Peleton TTR01 up to and including PTV55G allows a remote attacker to trigger a Denial of Service attack through the GymKit daemon process by exploiting a heap overflow in the network server handling the Apple GymKit communication. This can lea...

5CVSS5.3AI score0.00949EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2021/09/15 12:0 a.m.4 views

Dahua IPC 授权问题漏洞

The Dahua IPC is a series of industrial controls from Dahua, a Chinese company. An authentication bypass vulnerability exists in the Dahua IPC, which can be exploited by an attacker to bypass device authentication by constructing malicious packets...

10CVSS7.5AI score0.99556EPSS
Exploits9References5
CNNVD
CNNVD
added 2021/06/11 12:0 a.m.4 views

Schneider-electric PowerLogic 多款产品授权问题漏洞

PowerLogic EGX300 is a French Schneider-electric application server an integrated gateway server A security vulnerability exists in PowerLogic's PM55xx, PM8ECC, EGX100, and EGX300 that stems from a weak password recovery from forgotten passwords vulnerability in the PowerLogic PM55xx, PowerLogic...

10CVSS8.3AI score0.01843EPSS
Exploits0References3
Rows per page
Query Builder