137 matches found
CVE-2021-25917
In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting XSS due to user input not being validated properly and rendered in the U2F USB Device authentication method page. A highly privileged attacker could inject arbitrary code into input fields when creating a new user...
CVE-2025-30118
An issue was discovered on the Audi Universal Traffic Recorder 2.88. It has Susceptibility to denial of service. It uses the same default credentials for all devices and does not implement proper multi-device authentication, allowing attackers to deny the owner access by occupying the only...
CVE-2025-30118
CVE-2025-30118 affects the Audi Universal Traffic Recorder (version/variant 2.88). The issue arises from use of the same default credentials across all devices and lack of proper multi-device authentication, enabling a denial of service by an attacker who can occupy the only available connection....
CVE-2025-30118
An issue was discovered on the Audi Universal Traffic Recorder 2.88. It has Susceptibility to denial of service. It uses the same default credentials for all devices and does not implement proper multi-device authentication, allowing attackers to deny the owner access by occupying the only...
CVE-2025-30118
An issue was discovered on the Audi Universal Traffic Recorder 2.88. It has Susceptibility to denial of service. It uses the same default credentials for all devices and does not implement proper multi-device authentication, allowing attackers to deny the owner access by occupying the only...
Audi Universal Traffic Recorder App 信任管理问题漏洞
The Audi Universal Traffic Recorder App is a special app for traffic recorders from Audi, which is used to connect to a traffic recorder, view previews, lock videos, and other operations. A security vulnerability exists in the Audi Universal Traffic Recorder App version 2.88, which could result i...
CVE-2025-27594 Unencrypted transmission of password hash
The device uses an unencrypted, proprietary protocol for communication. Through this protocol, configuration data is transmitted and device authentication is performed. An attacker can thereby intercept the authentication hash and use it to log into the device using a pass-the-hash attack...
CVE-2025-27594 Unencrypted transmission of password hash
The device uses an unencrypted, proprietary protocol for communication. Through this protocol, configuration data is transmitted and device authentication is performed. An attacker can thereby intercept the authentication hash and use it to log into the device using a pass-the-hash attack...
CVE-2025-24912
Summary: CVE-2025-24912 affects hostapd (RADIUS handling) and has been addressed in multiple vendor advisories. The issue causes hostapd to mishandle crafted RADIUS packets during authentication, enabling an attacker positioned between hostapd and the RADIUS server to inject crafted RADIUS packet...
CVE-2024-12839
The login mechanism via device authentication of CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability. If a user visits a forged website, the agent program deployed on their device will send an authentication signature to the website. An unauthenticated remote...
CVE-2024-12839
The login mechanism via device authentication of CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability. If a user visits a forged website, the agent program deployed on their device will send an authentication signature to the website. An unauthenticated remote...
CVE-2024-12839
CVE-2024-12839 affects CGFIDO by Changing Information Technology. The login uses a device authentication signature; an unauthenticated remote attacker who obtains this signature can log in with any device after visiting a forged site, constituting an authentication bypass. Connected sources menti...
PT-2024-17758 · Changing Information Technology · Cgfido
Name of the Vulnerable Software and Affected Versions: CGFIDO affected versions not specified Description: The login mechanism via device authentication of CGFIDO from Changing Information Technology has an authentication bypass issue. If a user visits a forged website, the agent program deployed...
Brocade Enable Login Check Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/credentialcollection' require 'metasploit/framework/loginscanner/telnet' class MetasploitModule 'Brocade Enable Login Check Scanner',...
Huawei HarmonyOS and EMUI device authentication module out-of-bounds access vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel.Huawei EMUI is a user interface developed by Huawei based on the Android operating system. An out-of-bounds access vulnerability exists in the...
CVE-2023-44112
Out-of-bounds access vulnerability in the device authentication module. Successful exploitation of this vulnerability may affect confidentiality...
CVE-2023-44112
Out-of-bounds access vulnerability in the device authentication module. Successful exploitation of this vulnerability may affect confidentiality...
Improper access control
Out-of-bounds access vulnerability in the device authentication module. Successful exploitation of this vulnerability may affect confidentiality...
CVE-2023-44112
Out-of-bounds access vulnerability in the device authentication module. Successful exploitation of this vulnerability may affect confidentiality...
CVE-2023-44112
Out-of-bounds access vulnerability in the device authentication module. Successful exploitation of this vulnerability may affect confidentiality...