13 matches found
ECHO-12B7-FB50-C92A
Bulletin has no description...
CVE-2020-8791
The OKLOK 3.1.1 mobile companion app for Fingerprint Bluetooth Padlock FB50 2.3 allows remote attackers to submit API requests using authenticated but unauthorized tokens, resulting in IDOR issues. A remote attacker can use their own token to make unauthorized API requests on behalf of arbitrary...
CVE-2020-8792
The OKLOK 3.1.1 mobile companion app for Fingerprint Bluetooth Padlock FB50 2.3 has an information-exposure issue. In the mobile app, an attempt to add an already-bound lock by its barcode reveals the email address of the account to which the lock is bound, as well as the name of the lock. Valid...
CVE-2020-10876
The OKLOK 3.1.1 mobile companion app for Fingerprint Bluetooth Padlock FB50 2.3 does not correctly implement its timeout on the four-digit verification code that is required for resetting passwords, nor does it properly restrict excessive verification attempts. This allows an attacker to brute...
Code injection
The OKLOK 3.1.1 mobile companion app for Fingerprint Bluetooth Padlock FB50 2.3 does not correctly implement its timeout on the four-digit verification code that is required for resetting passwords, nor does it properly restrict excessive verification attempts. This allows an attacker to brute...
Code injection
The OKLOK 3.1.1 mobile companion app for Fingerprint Bluetooth Padlock FB50 2.3 has an information-exposure issue. In the mobile app, an attempt to add an already-bound lock by its barcode reveals the email address of the account to which the lock is bound, as well as the name of the lock. Valid...
CVE-2020-8792
The CVE-2020-8792 entry concerns the OKLOK 3.1.1 mobile companion app for the Fingerprint Bluetooth Padlock FB50 (2.3), where an information-disclosure flaw allows an attacker to learn arbitrary users’ emails and lock names by supplying valid, guessable barcodes through the app interface. Technic...
CVE-2020-8791
The CVE-2020-8791 entry covers the OKLOK ecosystem (OKLOK 3.1.1 mobile app for the Fingerprint Bluetooth Padlock FB50 2.3). The vulnerability is an IDOR flaw allowing an authenticated but unauthorized token to perform API requests on behalf of arbitrary user IDs, enabling exposure of user data su...
CVE-2020-8790
The OKLOK 3.1.1 mobile companion app for Fingerprint Bluetooth Padlock FB50 2.3 has weak password requirements combined with improper restriction of excessive authentication attempts, which could allow a remote attacker to discover user credentials and obtain access via a brute force attack...
CVE-2020-10876
The CVE concerns the OKLOK mobile companion app (version 3.1.1) for Fingerprint Bluetooth Padlock FB50 (2.3). Root cause: timeout not implemented and verification attempt limits are not properly enforced on the four-digit code used to reset passwords. Impact: attacker can brute‑force the code to ...
CVE-2019-13143
An HTTP parameter pollution issue was discovered on Shenzhen Dragon Brothers Fingerprint Bluetooth Round Padlock FB50 2.3. With the user ID, user name, and the lock's MAC address, anyone can unbind the existing owner of the lock, and bind themselves instead. This leads to complete takeover of the...
CVE-2019-13143
An HTTP parameter pollution issue was discovered on Shenzhen Dragon Brothers Fingerprint Bluetooth Round Padlock FB50 2.3. With the user ID, user name, and the lock's MAC address, anyone can unbind the existing owner of the lock, and bind themselves instead. This leads to complete takeover of the...
Buffer overflow
An HTTP parameter pollution issue was discovered on Shenzhen Dragon Brothers Fingerprint Bluetooth Round Padlock FB50 2.3. With the user ID, user name, and the lock's MAC address, anyone can unbind the existing owner of the lock, and bind themselves instead. This leads to complete takeover of the...