3 matches found
CVE-2022-45636
MEGAFEIS DBD+ mobile app (iOS/Android) version 1.4.4 is affected by CVE-2022-45636 due to an insecure authorization scheme for API requests that allows an attacker to unlock models without authorization via arbitrary API calls. The issue targets the DBD+ backend endpoints used by the Megafeis sma...
CVE-2022-45637
CVE-2022-45637 concerns MEGAFEIS/BOFEI DBD+ mobile app (iOS & Android) v1.4.4 with an insecure password reset code expiry mechanism. Multiple connected sources (NVD, Red Hat, CVE list, PRION, and WithSecure PoC repo) describe the vulnerability as an insecure expiry mechanism for password reset, e...
CVE-2022-45635
MEGAFEIS DBD+ mobile app for iOS/Android v1.4.4 is affected by CVE-2022-45635. The issue is due to an insecure password policy and lack of rate limiting on the Megafeis back-end API, enabling exposure of sensitive account information. A PoC/exploit exists (WithSecure megafeis-palm repository) and...