496 matches found
CVE-2024-23958
CVE-2024-23958 affects Autel MaxiCharger AC Elite Business C50 with a BLE vulnerability in the BLE AppAuthenRequest handler that uses hardcoded credentials as a fallback. This allows network-adjacent attackers to bypass authentication on affected charging stations. The NVD entry lists a high base...
CVE-2024-23958 Autel MaxiCharger AC Elite Business C50 BLE Hardcoded Credentials Authentication Bypass Vulnerability
Autel MaxiCharger AC Elite Business C50 BLE Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Autel MaxiCharger AC Elite Business C50 charging stations. Authentication is not requir...
Heap-based Buffer Overflow
libzephyr.so is vulnerable to a Heap-based Buffer Overflow. The vulnerability is due to inadequate validation of buffer lengths in BLE connection update operations, which could lead to a divide by zero condition...
CVE-2024-1578
The MiCard PLUS Ci and MiCard PLUS BLE reader products developed by rf IDEAS and rebranded by NT-ware have a firmware fault that may result in characters randomly being dropped from some ID card reads, which would result in the wrong ID card number being assigned during ID card self-registration...
rf IDEAS MiCard PLUS Ci和MiCard PLUS BLE 安全漏洞
The rf IDEAS MiCard PLUS Ci and rf IDEAS MiCard PLUS BLE are both a card reader from rf IDEAS, Inc. in the USA. A security vulnerability exists in the rf IDEAS MiCard PLUS Ci and MiCard PLUS BLE that stems from a firmware failure that results in the assignment of an incorrect ID card number durin...
CVE-2024-34463
BPL Personal Weighing Scale PWS-01BT IND/09/18/599 devices send sensitive information in unencrypted BLE packets. The packet data also lacks authentication and integrity protection...
CVE-2024-34463
BPL Personal Weighing Scale PWS-01BT IND/09/18/599 devices send sensitive information in unencrypted BLE packets. The packet data also lacks authentication and integrity protection...
CVE-2024-34463
BPL Personal Weighing Scale PWS-01BT IND/09/18/599 devices send sensitive information in unencrypted BLE packets. The packet data also lacks authentication and integrity protection...
CVE-2024-34463
The CVE-2024-34463 vulnerability affects BPL Medical Technologies’ PWS-01BT devices and Be Well Android app, with sensitive data sent in unencrypted BLE packets and lacking authentication/integrity protection. Connected sources (Red Hat, CISA ICS) confirm cleartext transmission and potential inte...
CVE-2024-7795
Autel MaxiCharger AC Elite Business C50 AppAuthenExchangeRandomNum Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Elite Business C50 EV chargers...
CVE-2024-7795 Autel MaxiCharger AC Elite Business C50 AppAuthenExchangeRandomNum Stack-Based Buffer Overflow Remote Code Execution Vulnerability
Autel MaxiCharger AC Elite Business C50 AppAuthenExchangeRandomNum Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Elite Business C50 EV chargers...
CVE-2024-7795 Autel MaxiCharger AC Elite Business C50 AppAuthenExchangeRandomNum Stack-Based Buffer Overflow Remote Code Execution Vulnerability
Autel MaxiCharger AC Elite Business C50 AppAuthenExchangeRandomNum Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Elite Business C50 EV chargers...
CVE-2024-7795
Autel MaxiCharger AC Elite Business C50 EV chargers are affected by CVE-2024-7795. The vulnerability lies in handling of the AppAuthenExchangeRandomNum BLE command, where insufficient validation of the length of user-supplied data copied into a fixed-length stack buffer can allow a network-adjace...
Google Android Authentication Bypass Vulnerability (CNVD-2024-33528)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an authentication bypass vulnerability that stems from an incorrect protocol implementation in the smpprocrand method of the smpact.cc file, which can be exploited by an attacker to potentially...
CVE-2024-32670
Exposure of Sensitive Information to an Unauthorized Actor in Samsung Galaxy SmartTag2 prior to 0.20.04 allows attackes to potentially identify the tag's location by scanning the BLE adversting...
CVE-2024-32670
Exposure of Sensitive Information to an Unauthorized Actor in Samsung Galaxy SmartTag2 prior to 0.20.04 allows attackes to potentially identify the tag's location by scanning the BLE adversting...
CVE-2024-32670
Exposure of Sensitive Information to an Unauthorized Actor in Samsung Galaxy SmartTag2 prior to 0.20.04 allows attackes to potentially identify the tag's location by scanning the BLE adversting...
CVE-2024-32670
The CVE-2024-32670 entry relates to Samsung Galaxy SmartTag2 prior to version 0.20.04. The root cause is exposure of sensitive information via BLE advertising, which can allow an attacker to potentially identify the tag’s location. Affected product: Samsung Galaxy SmartTag2; affected component/fu...
CVE-2024-34722
In smpprocrand of smpact.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-34722
In smpprocrand of smpact.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...