137 matches found
Command injection
The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input. An unauthenticated attacker on the same network segment as the router can execute arbitrary commands on the device without authentication...
CVE-2022-45877
OpenHarmony-v3.1.4 and prior versions had an vulnerability. PIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks...
Cross site scripting
OpenHarmony-v3.1.4 and prior versions had an vulnerability. PIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks...
CVE-2022-45877 PIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks.
OpenHarmony-v3.1.4 and prior versions had an vulnerability. PIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks...
OpenHarmony 授权问题漏洞
OpenHarmony is a kind of Hongmeng operating system open source project of China OpenAtom Foundation OpenAtom Foundation Foundation. A security vulnerability exists in OpenHarmony-v3.1.4 and earlier versions, which stems from a PIN code being transmitted in plaintext to the opposite device during...
CVE-2022-45877 PIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks.
OpenHarmony-v3.1.4 and prior versions had an vulnerability. PIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks...
CVE-2022-45877
OpenHarmony v3.1.4 and earlier are affected by CVE-2022-45877, where the PIN code is transmitted in plaintext during cross-device authentication, enabling easier MITM attempts. Affected component: cross-device authentication flow in OpenHarmony before 3.1.4. Root cause: PIN code transmitted in pl...
CVE-2020-11015 Device Authentication Vulnerability in thinx-device-api IoT Device Management Server
A vulnerability has been disclosed in thinx-device-api IoT Device Management Server before version 2.5.0. Device MAC address can be spoofed. This means initial registration requests without UDID and spoofed MAC address may pass to create new UDID with same MAC address. Full impact needs to be...
CVE-2020-11015 Device Authentication Vulnerability in thinx-device-api IoT Device Management Server
A vulnerability has been disclosed in thinx-device-api IoT Device Management Server before version 2.5.0. Device MAC address can be spoofed. This means initial registration requests without UDID and spoofed MAC address may pass to create new UDID with same MAC address. Full impact needs to be...
September 20, 2022—KB5017379 (OS Build 17763.3469) Preview
September 20, 2022—KB5017379 OS Build 17763.3469 Preview REMINDER 9/20/22 After today, September 20, 2022, there will no longer be optional, non-security releases known as "C" or preview releases for the 2019 LTSC editions and Windows Server 2019. Only cumulative monthly security updates known as...
CVE-2021-46740
The device authentication service module has a defect vulnerability introduced in the design process.Successful exploitation of this vulnerability may affect data confidentiality...
CVE-2021-46740
The device authentication service module has a defect vulnerability introduced in the design process.Successful exploitation of this vulnerability may affect data confidentiality...
CVE-2021-46740
The device authentication service module has a defect vulnerability introduced in the design process.Successful exploitation of this vulnerability may affect data confidentiality...
Design/Logic Flaw
The device authentication service module has a defect vulnerability introduced in the design process.Successful exploitation of this vulnerability may affect data confidentiality...
CVE-2021-46740
CVE-2021-46740 relates to Huawei HarmonyOS: a defect in the device authentication service module introduced during design, enabling a confidentiality-impacting vulnerability. Connected sources describe an authorization issue that could allow bypassing web authentication and grant administrative a...
CVE-2021-46740
The device authentication service module has a defect vulnerability introduced in the design process.Successful exploitation of this vulnerability may affect data confidentiality...
Huawei HarmonyOS 授权问题漏洞
Huawei HarmonyOS is an operating system from Huawei China. An authorization issue vulnerability exists in the Huawei HarmonyOS device authentication service module. Successful exploitation of this vulnerability could result in compromised confidentiality. An attacker could use this vulnerability ...
Design/Logic Flaw
Incorrect calculation of buffer size vulnerability in Peleton TTR01 up to and including PTV55G allows a remote attacker to trigger a Denial of Service attack through the GymKit daemon process by exploiting a heap overflow in the network server handling the Apple GymKit communication. This can lea...
Dahua IPC 授权问题漏洞
The Dahua IPC is a series of industrial controls from Dahua, a Chinese company. An authentication bypass vulnerability exists in the Dahua IPC, which can be exploited by an attacker to bypass device authentication by constructing malicious packets...
Schneider-electric PowerLogic 多款产品授权问题漏洞
PowerLogic EGX300 is a French Schneider-electric application server an integrated gateway server A security vulnerability exists in PowerLogic's PM55xx, PM8ECC, EGX100, and EGX300 that stems from a weak password recovery from forgotten passwords vulnerability in the PowerLogic PM55xx, PowerLogic...