Code injection

Owl Labs Meeting Owl 5.2.0.15 allows attackers to retrieve the passcode hash via a certain c 10 value over Bluetooth...

CVE-2022-31459

CVE-2022-31459 affects Owl Labs Meeting Owl 5.2.0.15 and describes an information-disclosure vulnerability where an attacker can retrieve the passcode hash over Bluetooth Low Energy. The vulnerability stems from weak data exposure (passcode hash) via a BLE endpoint, enabling potential offline bru...

CVE-2022-31459

Owl Labs Meeting Owl 5.2.0.15 allows attackers to retrieve the passcode hash via a certain c 10 value over Bluetooth...

CVE-2022-31461

The CVE-2022-31461 issue affects Owl Labs Meeting Owl 5.2.0.15, where an attacker in proximity can deactivate the device’s passcode protection by sending a specific BLE/companion-app message, effectively bypassing authentication. Root cause is a bypass of the passcode mechanism via a crafted mess...

CVE-2022-31461

Owl Labs Meeting Owl 5.2.0.15 allows attackers to deactivate the passcode protection mechanism via a certain c 11 message...

PT-2022-3409 · Owl · Owl Labs Meeting Owl

Name of the Vulnerable Software and Affected Versions: Owl Labs Meeting Owl version 5.2.0.15 Description: The issue is related to insufficient authentication procedure in the camera's firmware, allowing a remote attacker to bypass existing security restrictions. Specifically, it allows attackers ...

CVE-2022-22642

This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4. A user may be able to bypass the Emergency SOS passcode prompt...

CVE-2022-22642

This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4. A user may be able to bypass the Emergency SOS passcode prompt...

CVE-2022-22642

This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4. A user may be able to bypass the Emergency SOS passcode prompt...

CVE-2022-22618

This issue was addressed with improved checks. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4. A user may be able to bypass the Emergency SOS passcode prompt...

CVE-2022-22618

CVE-2022-22618 concerns iOS/iPadOS/watchOS where the Emergency SOS passcode prompt could be bypassed. The Apple advisories attribute the issue to insufficient or inadequate checks, with the fix implemented in watchOS 8.5, iOS 15.4, and iPadOS 15.4. The vulnerability is discussed with references t...

CVE-2021-27451

Mesa Labs AmegaView Versions 3.0 and prior’s passcode is generated by an easily reversible algorithm, which may allow an attacker to gain access to the device...

CVE-2021-27451

Mesa Labs AmegaView Versions 3.0 and prior’s passcode is generated by an easily reversible algorithm, which may allow an attacker to gain access to the device...

Design/Logic Flaw

Mesa Labs AmegaView Versions 3.0 and prior’s passcode is generated by an easily reversible algorithm, which may allow an attacker to gain access to the device...

CVE-2021-27451

Summary: CVE-2021-27451 affects MesaLabs AmegaView, versions 3.0 and earlier, where the passcode is generated by an easily reversible algorithm, potentially allowing an attacker to gain access to the device. The broader ICS-CERT advisory (I CS A-21-147-03) and associated NVD/NPP records describe ...

Wokka Lokka Q50 信息泄露漏洞

The Wokka Lokka Q50 is a children's smartwatch from Wokka Lokka USA. The Wokka Lokka Q50 suffers from an information disclosure vulnerability that originates from allowing a remote attacker knowing the SIM phone number and passcode to listen to the device's surroundings via callbacks in SMS...

PT-2021-7225 · Owl · Owl Labs Meeting Owl

Name of the Vulnerable Software and Affected Versions: Owl Labs Meeting Owl version 5.2.0.15 Description: The issue is related to the implementation of Bluetooth Low Energy BLE technology in the microprogram of the Meeting Owl Pro camera for video conferencing. It involves inadequate processing o...

Secure Encryption Bypass

github.com/wireapp/wire-ios is vulnerable to bypass of secure encryption. Mandatory encryption at rest feature can be pypassed when the device passcode is disabled or is not set. The users will not be aware of inactivation of encryption at rest as the feature is hidden to them...

CVE-2021-41094

Wire is an open source secure messenger. Users of Wire by Bund may bypass the mandatory encryption at rest feature by simply disabling their device passcode. Upon launching, the app will attempt to enable encryption at rest by generating encryption keys via the Secure Enclave, however it will fai...

Design/Logic Flaw

Wire is an open source secure messenger. Users of Wire by Bund may bypass the mandatory encryption at rest feature by simply disabling their device passcode. Upon launching, the app will attempt to enable encryption at rest by generating encryption keys via the Secure Enclave, however it will fai...