Lucene search
K

36 matches found

OSV
OSV
added 2023/03/21 4:15 p.m.4 views

CVE-2022-45635

An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to gain access to sensitive account information via insecure password policy...

7.5CVSS5.8AI score0.00783EPSS
Exploits2References1
Prion
Prion
added 2023/03/21 4:15 p.m.18 views

Default credentials

An insecure password reset issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 service via insecure expiry mechanism...

7.5CVSS9.2AI score0.00771EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/03/21 4:15 p.m.13 views

Information disclosure

An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to gain access to sensitive account information via insecure password policy...

5CVSS7.5AI score0.00783EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/21 12:0 a.m.8 views

CVE-2022-45635

An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to gain access to sensitive account information via insecure password policy...

7.6AI score0.00783EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/03/21 12:0 a.m.4 views

MEGAFEIS DBD+ 安全漏洞

MEGAFEIS DBD+ is a smart fingerprint Bluetooth padlock from MEGAFEIS. A security vulnerability exists in MEGAFEIS DBD+ version 1.4.4, which stems from a vulnerability that allows an attacker to access sensitive account information via an insecure password policy...

7.5CVSS7.3AI score0.00783EPSS
Exploits2References2
Cvelist
Cvelist
added 2023/03/21 12:0 a.m.23 views

CVE-2022-45637

An insecure password reset issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 service via insecure expiry mechanism...

9.6AI score0.00771EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/03/21 12:0 a.m.7 views

CVE-2022-45636

An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to unlock models without authorization via arbitrary API requests...

8AI score0.00688EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/03/21 12:0 a.m.3 views

MEGAFEIS DBD+ 安全漏洞

MEGAFEIS DBD+ is a smart fingerprint Bluetooth padlock from MEGAFEIS. A security vulnerability exists in MEGAFEIS DBD+ version 1.4.4, which stems from a vulnerability that allows an attacker to unlock the model without authorization via arbitrary API requests...

8.1CVSS7.9AI score0.00688EPSS
Exploits2References3
CNNVD
CNNVD
added 2023/03/21 12:0 a.m.3 views

MEGAFEIS DBD+ 授权问题漏洞

MEGAFEIS DBD+ is a smart fingerprint Bluetooth padlock from MEGAFEIS. A security vulnerability exists in MEGAFEIS DBD+ version 1.4.4 that stems from the presence of an insecure password reset...

9.8CVSS8.3AI score0.00771EPSS
Exploits1References2
CVE
CVE
added 2023/03/21 12:0 a.m.64 views

CVE-2022-45636

MEGAFEIS DBD+ mobile app (iOS/Android) version 1.4.4 is affected by CVE-2022-45636 due to an insecure authorization scheme for API requests that allows an attacker to unlock models without authorization via arbitrary API calls. The issue targets the DBD+ backend endpoints used by the Megafeis sma...

8.1CVSS7.9AI score0.00688EPSS
Exploits2References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/03/21 12:0 a.m.3 views

PT-2023-14725 · Megafeis · Megafeis

Name of the Vulnerable Software and Affected Versions: MEGAFEIS, BOFEI DBD+ Application for IOS & Android version 1.4.4 Description: An issue in the MEGAFEIS, BOFEI DBD+ Application allows an attacker to unlock models without authorization via arbitrary API requests. Recommendations: For version...

8.1CVSS7.8AI score0.00688EPSS
Exploits2References6
CVE
CVE
added 2023/03/21 12:0 a.m.55 views

CVE-2022-45637

CVE-2022-45637 concerns MEGAFEIS/BOFEI DBD+ mobile app (iOS & Android) v1.4.4 with an insecure password reset code expiry mechanism. Multiple connected sources (NVD, Red Hat, CVE list, PRION, and WithSecure PoC repo) describe the vulnerability as an insecure expiry mechanism for password reset, e...

9.8CVSS9.2AI score0.00771EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/03/21 12:0 a.m.50 views

CVE-2022-45635

MEGAFEIS DBD+ mobile app for iOS/Android v1.4.4 is affected by CVE-2022-45635. The issue is due to an insecure password policy and lack of rate limiting on the Megafeis back-end API, enabling exposure of sensitive account information. A PoC/exploit exists (WithSecure megafeis-palm repository) and...

7.5CVSS7.5AI score0.00783EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/03/21 12:0 a.m.28 views

CVE-2022-45635

An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to gain access to sensitive account information via insecure password policy...

7.8AI score0.00783EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/03/21 12:0 a.m.30 views

CVE-2022-45636

An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to unlock models without authorization via arbitrary API requests...

8.2AI score0.00688EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2023/03/21 12:0 a.m.7 views

CVE-2022-45637

An insecure password reset issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 service via insecure expiry mechanism...

9.4AI score0.00771EPSS
Exploits1References1
Rows per page
Query Builder