9 matches found
EUVD-2015-5976
Malware in sbrugna...
CVE-2024-0242 Unauthorized access to settings in Qolsys IQ Panel 4 and IQ4 Hub
Under certain circumstances IQ Panel4 and IQ4 Hub panel software prior to version 4.4.2 could allow unauthorized access to settings...
CVE-2024-0242 Unauthorized access to settings in Qolsys IQ Panel 4 and IQ4 Hub
Under certain circumstances IQ Panel4 and IQ4 Hub panel software prior to version 4.4.2 could allow unauthorized access to settings...
Qolsys IQ Panel Security Bypass Vulnerability
Qolsys IQ Panel is an Android OS based touch screen controller for home automation devices and features. A security bypass vulnerability exists in Qolsys IQ Panel versions prior to 1.5.1 that fails to validate the digital signature of software updates. An attacker could exploit this vulnerability...
Qolsys IQ Panel Using Hardcoded Encryption Keys Vulnerability
Qolsys IQ Panel is an Android OS based touch screen controller for home automation devices and features. A security vulnerability exists in Qolsys IQ Panel versions prior to 1.5.1. A remote attacker can exploit the vulnerability to create a digital signature for code by cleverly constructing...
CVE-2015-6033
Qolsys IQ Panel aka QOL before 1.5.1 does not verify the digital signatures of software updates, which allows man-in-the-middle attackers to bypass intended access restrictions via a modified update...
Hardcoded credentials
Qolsys IQ Panel aka QOL before 1.5.1 has hardcoded cryptographic keys, which allows remote attackers to create digital signatures for code by leveraging knowledge of a key from a different installation...
CVE-2015-6032
Qolsys IQ Panel (aka QOL) before version 1.5.1 is vulnerable due to hardcoded cryptographic keys, enabling a remote attacker to forge digital signatures for code by using a key from another installation. Affected devices accept forged updates or code as valid. The issue arises from use of hard-co...
CVE-2015-6033
Qolsys IQ Panel aka QOL before 1.5.1 does not verify the digital signatures of software updates, which allows man-in-the-middle attackers to bypass intended access restrictions via a modified update...