Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
Sz-fujiaOurphoto

3 matches found

CVE
CVEadded 2022/11/28 10:15 p.m.62 views

CVE-2022-24190

The /device/acceptBind end-point for Ourphoto App version 1.4.1 does not require authentication or authorization. The user_token header is not implemented or present on this end-point. An attacker can send a request to bind their account to any users picture frame, then send a POST request to accep...

7.5CVSS7.6AI score0.00081EPSS
Web
CVE
CVEadded 2022/11/28 10:15 p.m.53 views

CVE-2022-24187

The user_id and device_id on the Ourphoto App version 1.4.1 /device/* end-points both suffer from insecure direct object reference vulnerabilities. Other end-users user_id and device_id values can be enumerated by incrementing or decrementing id numbers. The impact of this vulnerability allows an a...

7.5CVSS7.4AI score0.00112EPSS
Web
CVE
CVEadded 2022/11/28 10:15 p.m.47 views

CVE-2022-24188

The /device/signin end-point for the Ourphoto App version 1.4.1 discloses clear-text password information for functionality within the picture frame devices. The deviceVideoCallPassword and mqttPassword are returned in clear-text. The lack of sessions management and presence of insecure direct obje...

7.5CVSS7.5AI score0.00057EPSS
Web