108 matches found
Contiki 缓冲区错误漏洞
Nut/OS is a modular, open-source real-time operating system for embedded platforms. A denial of service and remote code execution vulnerability exists in the DNS implementation in Ethernut in Nut/OS 5.1. The vulnerability stems from using the length byte of a domain name in a DNS query/response f...
Contiki 缓冲区错误漏洞
Nut/OS is a modular, open-source real-time operating system for embedded platforms. A denial of service and remote code execution vulnerability exists in the DNS implementation in Ethernut in Nut/OS 5.1. The vulnerability stems from a failure to check the DNS response data length. An attacker cou...
Contiki 缓冲区错误漏洞
Nut/OS is a modular, open-source real-time operating system for embedded platforms. A denial of service and remote code execution vulnerability exists in the DNS implementation in Ethernut in Nut/OS 5.1. The vulnerability stems from a failure to check if a domain name ends in '0'. An attacker cou...
Denial of Service Vulnerability in Hammer Tech's Nut Pro 2 Phone
The Nut Pro 2 is a new phone announced by Hammer Technology on November 7, 2017 at the 2017 Hammer Technology Fall Launch Event. A denial of service vulnerability exists in the Hammer Tech Nut Pro 2 phone, which can be exploited by an attacker to consume system and device resources, causing the...
The vulnerability of the NUT-Monitor software, a power supply management tool from the nut-monitor package, allows a intruder to trigger a service failure.
The vulnerability of the NUT-Monitor resource management software from the nut-monitor package is related to buffer overflow errors. Exploiting this vulnerability can allow an attacker to cause a service failure through a specially crafted script...
Code injection
The Zizai Tech Nut device allows unauthenticated Bluetooth pairing, which enables unauthenticated connected applications to write data to the device name attribute...
CVE-2016-6549
The Zizai Tech Nut device allows unauthenticated Bluetooth pairing, which enables unauthenticated connected applications to write data to the device name attribute...
CVE-2016-6547
The Zizai Tech Nut mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file...
Design/Logic Flaw
The Zizai Tech Nut mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file...
CVE-2016-6548
The Zizai Tech Nut mobile app makes requests via HTTP instead of HTTPS. These requests contain the user's authenticated session token with the URL. An attacker can capture these requests and reuse the session token to gain full access the user's account...
Design/Logic Flaw
The Zizai Tech Nut mobile app makes requests via HTTP instead of HTTPS. These requests contain the user's authenticated session token with the URL. An attacker can capture these requests and reuse the session token to gain full access the user's account...
CVE-2016-6547
The CVE-2016-6547 issue affects the Zizai Tech Nut mobile app, where the account password used to authenticate to the cloud API is stored in cleartext in the cache.db file. This creates a local information exposure risk, enabling a user with access to the device to retrieve sensitive credentials....
CVE-2016-6549 Zizai Tech Nut allows for unauthenticated Bluetooth pairing
The Zizai Tech Nut device allows unauthenticated Bluetooth pairing, which enables unauthenticated connected applications to write data to the device name attribute...
CVE-2016-6548 Zizai Tech Nut mobile application makes requests using HTTP, which includes the users session token
The Zizai Tech Nut mobile app makes requests via HTTP instead of HTTPS. These requests contain the user's authenticated session token with the URL. An attacker can capture these requests and reuse the session token to gain full access the user's account...
CVE-2016-6547 Zizai Tech Nut stores the account password in cleartext
The Zizai Tech Nut mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file...
CVE-2016-6549
The CVE-2016-6549 entry concerns the Zizai Tech Nut device, where unauthenticated Bluetooth pairing enables unauthenticated connected applications to write data to the device name attribute. Affected component is the Nut device’s Bluetooth pairing/authentication logic, with impact limited to mani...
CVE-2016-6548
The CVE-2016-6548 entry concerns the Zizai Tech Nut mobile app, where HTTP requests leak the user’s authenticated session token in the URL. This exposes the session token to network-level observers, enabling potential account takeover since the token can be reused to access the user’s account. Th...
Zizai Tech Nut Design Vulnerability
Zizai Tech Nut is a Nut smart finder and anti-loss patch product from China's Zizai Tech. Zizai Tech Nut allows unauthorized pairing of Bluetooth devices, which can be exploited by a remote attacker to submit a special request to write data to the device name attribute...
Zizai Tech Nut Plaintext Password Vulnerability
Zizai Tech Nut is a Nut smart finder and anti-loss patch product from China's Zizai Tech. Zizai Tech Nut stores passwords in plaintext. A remote attacker could exploit this vulnerability to track a user's location...
Zizai Tech Nut contains multiple vulnerabilities
Overview Zizai Tech Nut contains multiple vulnerabilities including sensitive information exposure and missing authentication. Description CWE-313: Cleartext Storage in a File or on Disk - CVE-2016-6547The Nut mobile app stores the account password used to authenticate to the cloud API in...