Lucene search
K

108 matches found

CNNVD
CNNVD
added 2020/12/08 12:0 a.m.7 views

Contiki 缓冲区错误漏洞

Nut/OS is a modular, open-source real-time operating system for embedded platforms. A denial of service and remote code execution vulnerability exists in the DNS implementation in Ethernut in Nut/OS 5.1. The vulnerability stems from using the length byte of a domain name in a DNS query/response f...

9.8CVSS7.9AI score0.52259EPSS
Exploits0References4
CNNVD
CNNVD
added 2020/12/08 12:0 a.m.7 views

Contiki 缓冲区错误漏洞

Nut/OS is a modular, open-source real-time operating system for embedded platforms. A denial of service and remote code execution vulnerability exists in the DNS implementation in Ethernut in Nut/OS 5.1. The vulnerability stems from a failure to check the DNS response data length. An attacker cou...

9.8CVSS7.9AI score0.52259EPSS
Exploits0References4
CNNVD
CNNVD
added 2020/12/08 12:0 a.m.6 views

Contiki 缓冲区错误漏洞

Nut/OS is a modular, open-source real-time operating system for embedded platforms. A denial of service and remote code execution vulnerability exists in the DNS implementation in Ethernut in Nut/OS 5.1. The vulnerability stems from a failure to check if a domain name ends in '0'. An attacker cou...

9.8CVSS7.9AI score0.52259EPSS
Exploits0References4
CNVD
CNVD
added 2020/05/22 12:0 a.m.1 views

Denial of Service Vulnerability in Hammer Tech's Nut Pro 2 Phone

The Nut Pro 2 is a new phone announced by Hammer Technology on November 7, 2017 at the 2017 Hammer Technology Fall Launch Event. A denial of service vulnerability exists in the Hammer Tech Nut Pro 2 phone, which can be exploited by an attacker to consume system and device resources, causing the...

6.8AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2019/06/27 12:0 a.m.5 views

The vulnerability of the NUT-Monitor software, a power supply management tool from the nut-monitor package, allows a intruder to trigger a service failure.

The vulnerability of the NUT-Monitor resource management software from the nut-monitor package is related to buffer overflow errors. Exploiting this vulnerability can allow an attacker to cause a service failure through a specially crafted script...

6.2CVSS5.9AI score
Exploits0
Prion
Prion
added 2018/07/13 8:29 p.m.12 views

Code injection

The Zizai Tech Nut device allows unauthenticated Bluetooth pairing, which enables unauthenticated connected applications to write data to the device name attribute...

3.3CVSS7.2AI score0.01079EPSS
Exploits1References3
NVD
NVD
added 2018/07/13 8:29 p.m.12 views

CVE-2016-6549

The Zizai Tech Nut device allows unauthenticated Bluetooth pairing, which enables unauthenticated connected applications to write data to the device name attribute...

4.3CVSS4.7AI score0.01079EPSS
Exploits1References3
NVD
NVD
added 2018/07/13 8:29 p.m.16 views

CVE-2016-6547

The Zizai Tech Nut mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file...

7.8CVSS7.7AI score0.00409EPSS
Exploits1References3
Prion
Prion
added 2018/07/13 8:29 p.m.12 views

Design/Logic Flaw

The Zizai Tech Nut mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file...

2.1CVSS7.2AI score0.00409EPSS
Exploits1References3
NVD
NVD
added 2018/07/13 8:29 p.m.13 views

CVE-2016-6548

The Zizai Tech Nut mobile app makes requests via HTTP instead of HTTPS. These requests contain the user's authenticated session token with the URL. An attacker can capture these requests and reuse the session token to gain full access the user's account...

9.8CVSS9.5AI score0.03707EPSS
Exploits1References3
Prion
Prion
added 2018/07/13 8:29 p.m.11 views

Design/Logic Flaw

The Zizai Tech Nut mobile app makes requests via HTTP instead of HTTPS. These requests contain the user's authenticated session token with the URL. An attacker can capture these requests and reuse the session token to gain full access the user's account...

5CVSS7.1AI score0.03707EPSS
Exploits1References3
CVE
CVE
added 2018/07/13 8:0 p.m.41 views

CVE-2016-6547

The CVE-2016-6547 issue affects the Zizai Tech Nut mobile app, where the account password used to authenticate to the cloud API is stored in cleartext in the cache.db file. This creates a local information exposure risk, enabling a user with access to the device to retrieve sensitive credentials....

7.8CVSS7.6AI score0.00409EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2018/07/13 8:0 p.m.13 views

CVE-2016-6549 Zizai Tech Nut allows for unauthenticated Bluetooth pairing

The Zizai Tech Nut device allows unauthenticated Bluetooth pairing, which enables unauthenticated connected applications to write data to the device name attribute...

5.7AI score0.01079EPSS
Exploits1References3
Cvelist
Cvelist
added 2018/07/13 8:0 p.m.22 views

CVE-2016-6548 Zizai Tech Nut mobile application makes requests using HTTP, which includes the users session token

The Zizai Tech Nut mobile app makes requests via HTTP instead of HTTPS. These requests contain the user's authenticated session token with the URL. An attacker can capture these requests and reuse the session token to gain full access the user's account...

9.6AI score0.03707EPSS
Exploits1References3
Cvelist
Cvelist
added 2018/07/13 8:0 p.m.18 views

CVE-2016-6547 Zizai Tech Nut stores the account password in cleartext

The Zizai Tech Nut mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file...

8.3AI score0.00409EPSS
Exploits1References3
CVE
CVE
added 2018/07/13 8:0 p.m.40 views

CVE-2016-6549

The CVE-2016-6549 entry concerns the Zizai Tech Nut device, where unauthenticated Bluetooth pairing enables unauthenticated connected applications to write data to the device name attribute. Affected component is the Nut device’s Bluetooth pairing/authentication logic, with impact limited to mani...

4.3CVSS4.7AI score0.01079EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2018/07/13 8:0 p.m.39 views

CVE-2016-6548

The CVE-2016-6548 entry concerns the Zizai Tech Nut mobile app, where HTTP requests leak the user’s authenticated session token in the URL. This exposes the session token to network-level observers, enabling potential account takeover since the token can be reused to access the user’s account. Th...

9.8CVSS9.6AI score0.03707EPSS
Exploits1References3Affected Software1
CNVD
CNVD
added 2016/10/28 12:0 a.m.4 views

Zizai Tech Nut Design Vulnerability

Zizai Tech Nut is a Nut smart finder and anti-loss patch product from China's Zizai Tech. Zizai Tech Nut allows unauthorized pairing of Bluetooth devices, which can be exploited by a remote attacker to submit a special request to write data to the device name attribute...

4.3CVSS7AI score0.01079EPSS
Exploits1References1
CNVD
CNVD
added 2016/10/28 12:0 a.m.4 views

Zizai Tech Nut Plaintext Password Vulnerability

Zizai Tech Nut is a Nut smart finder and anti-loss patch product from China's Zizai Tech. Zizai Tech Nut stores passwords in plaintext. A remote attacker could exploit this vulnerability to track a user's location...

7.8CVSS6.9AI score0.00409EPSS
Exploits1References1
CERT
CERT
added 2016/10/25 12:0 a.m.43 views

Zizai Tech Nut contains multiple vulnerabilities

Overview Zizai Tech Nut contains multiple vulnerabilities including sensitive information exposure and missing authentication. Description CWE-313: Cleartext Storage in a File or on Disk - CVE-2016-6547The Nut mobile app stores the account password used to authenticate to the cloud API in...

9.8CVSS6.8AI score0.03707EPSS
Exploits3References2
Rows per page
Query Builder