Lucene search

K
AndrovideoVd 1 Firmware

5 matches found

CVE
CVE
added 2019/08/29 1:15 a.m.161 views

CVE-2019-11064

A vulnerability of remote credential disclosure was discovered in Advan VD-1 firmware versions up to 230. An attacker can export system configuration which is not encrypted to get the administrator’s account and password in plain text via cgibin/ExportSettings.cgi?Export=1 without any authenticatio...

9.8CVSS9.4AI score0.00402EPSS
CVE
CVE
added 2019/08/29 1:15 a.m.159 views

CVE-2019-13406

A broken access control vulnerability found in Advan VD-1 firmware versions up to 230. An attacker can send a POST request to cgibin/ApkUpload.cgi to install arbitrary APK without any authentication.

7.5CVSS7.5AI score0.00222EPSS
CVE
CVE
added 2019/08/29 1:15 a.m.155 views

CVE-2019-13407

A XSS found in Advan VD-1 firmware versions up to 230. VD-1 responses a path error message when a requested resource was not found in page cgibin/ssi.cgi. It leads to a reflected XSS because the error message does not escape properly.

6.1CVSS6AI score0.00307EPSS
CVE
CVE
added 2019/08/29 1:15 a.m.153 views

CVE-2019-13405

A broken access control vulnerability found in Advan VD-1 firmware version 230 leads to insecure ADB service. An attacker can send a POST request to cgibin/AdbSetting.cgi to enable ADB without any authentication then take the compromised device as a relay or to install mining software.

10CVSS9.6AI score0.00521EPSS
CVE
CVE
added 2019/08/29 1:15 a.m.153 views

CVE-2019-13408

A relative path traversal vulnerability found in Advan VD-1 firmware versions up to 230. It allows attackers to download arbitrary files via url cgibin/ExportSettings.cgi?Download=filepath, without any authentication.

7.5CVSS7.5AI score0.00447EPSS