Lucene search
+L

68 matches found

Cvelist
Cvelist
added 2020/06/11 2:43 p.m.22 views

CVE-2020-0149

In btuhcifmodechangeevt of btuhcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product:...

5.3AI score0.00147EPSS
Exploits0References1
Prion
Prion
added 2019/08/29 1:15 a.m.20 views

Improper access control

A broken access control vulnerability found in Advan VD-1 firmware version 230 leads to insecure ADB service. An attacker can send a POST request to cgibin/AdbSetting.cgi to enable ADB without any authentication then take the compromised device as a relay or to install mining software...

10CVSS9.4AI score0.02929EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2019/08/29 12:19 a.m.170 views

CVE-2019-13405

CVE-2019-13405 affects AndroVideo Advan VD-1 firmware v230. The issue is broken access control allowing an unauthenticated POST to cgibin/AdbSetting.cgi to enable ADB, enabling the attacker to take control of the device as a relay or install mining software. The public docs do not provide a patch...

10CVSS9.6AI score0.02929EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2019/08/29 12:19 a.m.22 views

CVE-2019-13405 Advan VD-1 allows a remote user to enable Android Debug Bridge without any authentication

A broken access control vulnerability found in Advan VD-1 firmware version 230 leads to insecure ADB service. An attacker can send a POST request to cgibin/AdbSetting.cgi to enable ADB without any authentication then take the compromised device as a relay or to install mining software...

9.5AI score0.02929EPSS
Exploits1References3
Cvelist
Cvelist
added 2019/05/22 6:11 p.m.33 views

CVE-2019-5625 Eaton Halo Home Android App Insecure Storage

The Android mobile application Halo Home before 1.11.0 stores OAuth authentication and refresh access tokens in a clear text file. This file persists until the user logs out of the application and reboots the device. This vulnerability can allow an attacker to impersonate the legitimate user by...

2.8CVSS6.9AI score0.00411EPSS
Exploits1References2
CISA
CISA
added 2017/10/17 12:0 a.m.12 views

IC3 Issues Alert on IoT Devices

In conjunction with National Cyber Security Awareness Month, the Internet Crime Complaint Center IC3 has issued an alert to individuals and businesses about the security risks involved with the Internet of Things IoT. IoT refers to the emerging network of devices e.g., smart TVs, home automation...

6.8AI score
Exploits0References1
seebug.org
seebug.org
added 2017/05/02 12:0 a.m.58 views

Heap Overflow Vulnerability in Citrix NetScaler Gateway (CVE-2017-7219)

After presenting my findings on the Swisscom router at the CybSecConference last year, I started looking for a new product to analyze. I quickly found that it’s possible to download virtual “demo” appliances of Citrix products, so I went on to download a Netscaler VPX, which at the time was at...

9CVSS9.7AI score0.04856EPSS
Exploits2
ThreatPost
ThreatPost
added 2012/05/23 2:1 p.m.11 views

Common Firewall Feature Enables TCP Hijacking Attacks

Attackers using a feature that is common to many firewalls, switches and other networking gear could silently hijack Web sessions on mobile and desktop devices, according to a research paper presented by two Ph.D students from the University of Michigan. The two discovered that so-called TCP...

0.3AI score
Exploits0References2
Rows per page
Query Builder