36 matches found
CVE-2022-45635
An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to gain access to sensitive account information via insecure password policy...
Default credentials
An insecure password reset issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 service via insecure expiry mechanism...
Information disclosure
An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to gain access to sensitive account information via insecure password policy...
CVE-2022-45635
An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to gain access to sensitive account information via insecure password policy...
MEGAFEIS DBD+ 安全漏洞
MEGAFEIS DBD+ is a smart fingerprint Bluetooth padlock from MEGAFEIS. A security vulnerability exists in MEGAFEIS DBD+ version 1.4.4, which stems from a vulnerability that allows an attacker to access sensitive account information via an insecure password policy...
CVE-2022-45637
An insecure password reset issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 service via insecure expiry mechanism...
CVE-2022-45636
An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to unlock models without authorization via arbitrary API requests...
MEGAFEIS DBD+ 安全漏洞
MEGAFEIS DBD+ is a smart fingerprint Bluetooth padlock from MEGAFEIS. A security vulnerability exists in MEGAFEIS DBD+ version 1.4.4, which stems from a vulnerability that allows an attacker to unlock the model without authorization via arbitrary API requests...
MEGAFEIS DBD+ 授权问题漏洞
MEGAFEIS DBD+ is a smart fingerprint Bluetooth padlock from MEGAFEIS. A security vulnerability exists in MEGAFEIS DBD+ version 1.4.4 that stems from the presence of an insecure password reset...
CVE-2022-45636
MEGAFEIS DBD+ mobile app (iOS/Android) version 1.4.4 is affected by CVE-2022-45636 due to an insecure authorization scheme for API requests that allows an attacker to unlock models without authorization via arbitrary API calls. The issue targets the DBD+ backend endpoints used by the Megafeis sma...
PT-2023-14725 · Megafeis · Megafeis
Name of the Vulnerable Software and Affected Versions: MEGAFEIS, BOFEI DBD+ Application for IOS & Android version 1.4.4 Description: An issue in the MEGAFEIS, BOFEI DBD+ Application allows an attacker to unlock models without authorization via arbitrary API requests. Recommendations: For version...
CVE-2022-45637
CVE-2022-45637 concerns MEGAFEIS/BOFEI DBD+ mobile app (iOS & Android) v1.4.4 with an insecure password reset code expiry mechanism. Multiple connected sources (NVD, Red Hat, CVE list, PRION, and WithSecure PoC repo) describe the vulnerability as an insecure expiry mechanism for password reset, e...
CVE-2022-45635
MEGAFEIS DBD+ mobile app for iOS/Android v1.4.4 is affected by CVE-2022-45635. The issue is due to an insecure password policy and lack of rate limiting on the Megafeis back-end API, enabling exposure of sensitive account information. A PoC/exploit exists (WithSecure megafeis-palm repository) and...
CVE-2022-45635
An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to gain access to sensitive account information via insecure password policy...
CVE-2022-45636
An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to unlock models without authorization via arbitrary API requests...
CVE-2022-45637
An insecure password reset issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 service via insecure expiry mechanism...