Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials for arbitrary IMEI numbers. This allows unauthorized actors to list catalog items and extrac
The mobile application (com.transsnet.store) has a man-in-the-middle attack vulnerability, which may lead to code injection risks.
Exposure of the QKEY (used as
input into the ‘OTA-Quantum’ device registration process) and internal
system keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Agr
An issue in Beijing Baidu Netcom Science & Technology Co Ltd Haokan Video iOS 7.70.0 allows attackers to access sensitive user information via supplying a crafted link.
An improper authentication security issue exists within the 1794-AENTR adapter's embedded web server. The vulnerability allows an unauthenticated attacker to change the device's web interface password
Autel MaxiCharger AC Elite Business C50 BLE Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected install
Soroush IM Desktop App 0.17.0 contains an authentication bypass vulnerability that allows local attackers to remove passcodes by injecting pre-encrypted database entries using a constant encryption ke
An Use of Hard-coded Credentials vulnerability has been identified in Moxa’s network security appliances and routers. The system employs a hard-coded secret key to sign JSON Web Tokens (JWT) used for
An unauthenticated command injection vulnerability exists in the ToToLink LR1200GB Router firmware V9.1.0u.6619_B20230130 within the cstecgi.cgi binary (sub_41EC68 function). The binary reads the "ime
Access control vulnerability in the identity authentication module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Transient DOS while processing of a registration acceptance OTA due to incorrect ciphering key data IE.
An unauthorized access vulnerability exists in the Xiaomi Mi Connect Service APP. The vulnerability is caused by the validation logic is flawed and can be exploited by attackers to Unauthorized access
Use of a hard-coded AES-256-CBC key in the configuration backup/restore implementation of Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote authentica
Improper handling of OTP/TOTP/HOTP values in NetKnights GmbH privacyIDEA Authenticator v.4.3.0 on Android allows local attackers with root access to bypass two factor authentication. By hooking into a
A flaw was identified in the Account REST API of Keycloak that allows a user authenticated at a lower security level to perform sensitive actions intended only for higher-assurance sessions. Specifica
An authentication bypass vulnerability in the authorization mechanism of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to perform Administrative actions using service
CWE-639 Authorization Bypass Through User-Controlled Key
CWE-639 Authorization Bypass Through User-Controlled Key
A vulnerability was reported in version 1.0 of the Bluetooth Transmission Alliance protocol adopted by Motorola Smart Connect Android Application that could allow a nearby attacker within the Bluetoot
A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate shared-key authenticated transmissions containing targeted payloads while
Page 1+ Next →