17 matches found
EUVD-2017-3195
Malware in sbrugna...
EUVD-2017-3194
Malware in sbrugna...
EUVD-2017-3193
Malware in sbrugna...
CVE-2017-11580
Blipcare Wifi blood pressure monitor BP700 10.1 devices allow memory corruption that results in Denial of Service. When connected to the "Blip" open wireless connection provided by the device, if a large string is sent as a part of the HTTP request in any part of the HTTP headers, the device coul...
CVE-2017-11580
Blipcare Wifi blood pressure monitor BP700 10.1 devices allow memory corruption that results in Denial of Service. When connected to the "Blip" open wireless connection provided by the device, if a large string is sent as a part of the HTTP request in any part of the HTTP headers, the device coul...
CVE-2017-11578
It was discovered as a part of the research on IoT devices in the most recent firmware for Blipcare device that the device allows to connect to web management interface on a non-SSL connection using plain text HTTP protocol. The user uses the web management interface of the device to provide the...
CVE-2017-11578
It was discovered as a part of the research on IoT devices in the most recent firmware for Blipcare device that the device allows to connect to web management interface on a non-SSL connection using plain text HTTP protocol. The user uses the web management interface of the device to provide the...
CVE-2017-11579
In the most recent firmware for Blipcare, the device provides an open Wireless network called "Blip" for communicating with the device. The user connects to this open Wireless network and uses the web management interface of the device to provide the user's Wi-Fi credentials so that the device ca...
Design/Logic Flaw
In the most recent firmware for Blipcare, the device provides an open Wireless network called "Blip" for communicating with the device. The user connects to this open Wireless network and uses the web management interface of the device to provide the user's Wi-Fi credentials so that the device ca...
Memory corruption
Blipcare Wifi blood pressure monitor BP700 10.1 devices allow memory corruption that results in Denial of Service. When connected to the "Blip" open wireless connection provided by the device, if a large string is sent as a part of the HTTP request in any part of the HTTP headers, the device coul...
Design/Logic Flaw
It was discovered as a part of the research on IoT devices in the most recent firmware for Blipcare device that the device allows to connect to web management interface on a non-SSL connection using plain text HTTP protocol. The user uses the web management interface of the device to provide the...
CVE-2017-11580
Blipcare Wifi blood pressure monitor BP700 10.1 devices allow memory corruption that results in Denial of Service. When connected to the "Blip" open wireless connection provided by the device, if a large string is sent as a part of the HTTP request in any part of the HTTP headers, the device coul...
CVE-2017-11580
CVE-2017-11580 affects Blipcare BP700 10.1 devices where memory corruption triggers a denial of service. The root cause is a small 256 KB Wi‑Fi memory footprint, enabling an unsafe string copy (memcpy/strcpy) in HTTP header handling that can fill memory and halt the device. Testing notes referenc...
CVE-2017-11579
The CVE-2017-11579 entry concerns Blipcare devices offering an open Wireless network named “Blip” for management. The firmware allows users to connect to this network to submit Wi‑Fi credentials, enabling the device to access the Internet. A nearby attacker can sniff credentials and may connect t...
CVE-2017-11579
In the most recent firmware for Blipcare, the device provides an open Wireless network called "Blip" for communicating with the device. The user connects to this open Wireless network and uses the web management interface of the device to provide the user's Wi-Fi credentials so that the device ca...
CVE-2017-11578
It was discovered as a part of the research on IoT devices in the most recent firmware for Blipcare device that the device allows to connect to web management interface on a non-SSL connection using plain text HTTP protocol. The user uses the web management interface of the device to provide the...
CVE-2017-11578
CVE-2017-11578 affects the Blipcare wireless blood pressure monitor. The device exposes its web management interface over plain HTTP (non-SSL), allowing an attacker on the same wireless network to conduct a MITM and sniff the user’s Wi‑Fi credentials. The impact is disclosure of credentials witho...