Vendor CVEs
Hankjames
All CVEs
35 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-48539 | Cri | 0.64 | 9.8 | 0.00 | Oct 24, 2024 | Neye3C v4.5.2.0 was discovered to contain a hardcoded encryption key in the firmware update mechanism. | ||
| CVE-2024-48538 | Cri | 0.64 | 9.8 | 0.01 | Oct 24, 2024 | Incorrect access control in the firmware update and download processes of Neye3C v4.5.2.0 allows attackers to access sensitive information by analyzing the code and data within the APK file. | ||
| CVE-2024-48784 | Cri | 0.64 | 9.8 | 0.01 | Oct 11, 2024 | An Incorrect Access Control issue in SAMPMAX com.sampmax.homemax 2.1.2.7 allows a remote attacker to obtain sensitive information via the firmware update process. | ||
| CVE-2024-48548 | Cri | 0.60 | 9.3 | 0.00 | Oct 24, 2024 | The APK file in Cloud Smart Lock v2.0.1 has a leaked a URL that can call an API for binding physical devices. This vulnerability allows attackers to arbitrarily construct a request to use the app to bind to unknown devices by finding a valid serial number via a bruteforce attack. | ||
| CVE-2024-48772 | Cri | 0.59 | 9.1 | 0.01 | Oct 11, 2024 | An issue in C-CHIP (com.cchip.cchipamaota) v.1.2.8 allows a remote attacker to obtain sensitive information via the firmware update process. | ||
| CVE-2024-48787 | Cri | 0.59 | 9.1 | 0.00 | Oct 11, 2024 | An issue in Revic Optics Revic Ops (us.revic.revicops) 1.12.5 allows a remote attacker to obtain sensitive information via the firmware update process. | ||
| CVE-2024-48786 | Cri | 0.59 | 9.1 | 0.00 | Oct 11, 2024 | An issue in SWITCHBOT INC SwitchBot (com.theswitchbot.switchbot) 5.0.4 allows a remote attacker to obtain sensitive information via the firmware update process. | ||
| CVE-2024-48778 | Cri | 0.59 | 9.1 | 0.01 | Oct 11, 2024 | An issue in GIANT MANUFACTURING CO., LTD RideLink (tw.giant.ridelink) 2.0.7 allows a remote attacker to obtain sensitive information via the firmware update process. | ||
| CVE-2024-48769 | Cri | 0.59 | 9.1 | 0.01 | Oct 11, 2024 | An issue in BURG-WCHTER KG de.burgwachter.keyapp.app 4.5.0 allows a remote attacker to obtain sensitve information via the firmware update process. | ||
| CVE-2024-48547 | Hig | 0.55 | 8.4 | 0.00 | Oct 24, 2024 | Incorrect access control in the firmware update and download processes of DreamCatcher Life v1.8.7 allows attackers to access sensitive information by analyzing the code and data within the APK file. | ||
| CVE-2024-48546 | Hig | 0.55 | 8.4 | 0.00 | Oct 24, 2024 | Incorrect access control in the firmware update and download processes of Wear Sync v1.2.0 allows attackers to access sensitive information by analyzing the code and data within the APK file. | ||
| CVE-2024-48545 | Hig | 0.55 | 8.4 | 0.00 | Oct 24, 2024 | Incorrect access control in the firmware update and download processes of IVY Smart v4.5.0 allows attackers to access sensitive information by analyzing the code and data within the APK file. | ||
| CVE-2024-48544 | Hig | 0.55 | 8.4 | 0.00 | Oct 24, 2024 | Incorrect access control in the firmware update and download processes of Sylvania Smart Home v3.0.3 allows attackers to access sensitive information by analyzing the code and data within the APK file. | ||
| CVE-2024-48542 | Hig | 0.55 | 8.4 | 0.00 | Oct 24, 2024 | Incorrect access control in the firmware update and download processes of Yamaha Headphones Controller v1.6.7 allows attackers to access sensitive information by analyzing the code and data within the APK file. | ||
| CVE-2024-48541 | Hig | 0.55 | 8.4 | 0.00 | Oct 24, 2024 | Incorrect access control in the firmware update and download processes of Ruochan Smart v4.4.7 allows attackers to access sensitive information by analyzing the code and data within the APK file. | ||
| CVE-2024-48770 | Hig | 0.53 | 8.2 | 0.01 | Oct 11, 2024 | An issue in Plug n Play Camera com.wisdomcity.zwave 1.1.0 allows a remote attacker to obtain sensitive information via the firmware update process. | ||
| CVE-2024-48792 | Hig | 0.49 | 7.5 | 0.00 | Oct 14, 2024 | An issue in Hideez com.hideez 2.7.8.3 allows a remote attacker to obtain sensitive information via the firmware update process. | ||
| CVE-2024-48791 | Hig | 0.49 | 7.5 | 0.00 | Oct 14, 2024 | An issue in Plug n Play Camera com.starvedia.mCamView.zwave 5.5.1 allows a remote attacker to obtain sensitive information via the firmware update process | ||
| CVE-2024-48789 | Hig | 0.49 | 7.5 | 0.01 | Oct 14, 2024 | An issue in INATRONIC com.inatronic.drivedeck.home 2.6.23 allows a remote attacker to obtain sensitve information via the firmware update process. | ||
| CVE-2024-48799 | Hig | 0.49 | 7.5 | 0.01 | Oct 14, 2024 | An issue in LOREX TECHNOLOGY INC com.lorexcorp.lorexping 1.4.22 allows a remote attacker to obtain sensitive information via the firmware update process. | ||
| CVE-2024-48798 | Hig | 0.49 | 7.5 | 0.01 | Oct 14, 2024 | An issue in Hubble Connected (com.hubbleconnected.vervelife) 2.00.81 allows a remote attacker to obtain sensitive information via the firmware update process. | ||
| CVE-2024-48797 | Hig | 0.49 | 7.5 | 0.01 | Oct 14, 2024 | An issue in PCS Engineering Preston Cinema (com.prestoncinema.app) 0.2.0 allows a remote attacker to obtain sensitive information via the firmware update process. | ||
| CVE-2024-48796 | Hig | 0.49 | 7.5 | 0.01 | Oct 14, 2024 | An issue in EQUES com.eques.plug 1.0.1 allows a remote attacker to obtain sensitive information via the firmware update process. | ||
| CVE-2024-48788 | Hig | 0.49 | 7.5 | 0.01 | Oct 11, 2024 | An issue in YESCAM (com.yescom.YesCam.zwave) 1.0.2 allows a remote attacker to obtain sensitive information via the firmware update process. | ||
| CVE-2024-48777 | Hig | 0.49 | 7.5 | 0.01 | Oct 11, 2024 | LEDVANCE com.ledvance.smartplus.eu 2.1.10 allows a remote attacker to obtain sensitive information via the firmware update process. | ||
| CVE-2024-48776 | Hig | 0.49 | 7.5 | 0.01 | Oct 11, 2024 | An issue in Shelly com.home.shelly 1.0.4 allows a remote attacker to obtain sensitive information via the firmware update process | ||
| CVE-2024-48775 | Hig | 0.49 | 7.5 | 0.01 | Oct 11, 2024 | An issue in Plug n Play Camera com.ezset.delaney 1.2.0 allows a remote attacker to obtain sensitive information via the firmware update process. | ||
| CVE-2024-48774 | Hig | 0.49 | 7.5 | 0.01 | Oct 11, 2024 | An issue in Fermax Asia Pacific Pte Ltd com.fermax.vida 2.4.6 allows a remote attacker to obtain sensitve information via the firmware update process. | ||
| CVE-2024-48773 | Hig | 0.49 | 7.5 | 0.01 | Oct 11, 2024 | An issue in WoFit v.7.2.3 allows a remote attacker to obtain sensitive information via the firmware update process | ||
| CVE-2024-48771 | Hig | 0.49 | 7.5 | 0.00 | Oct 11, 2024 | An issue in almando GmbH Almando Play APP (com.almando.play) 1.8.2 allows a remote attacker to obtain sensitive information via the firmware update process | ||
| CVE-2024-48768 | Hig | 0.49 | 7.5 | 0.01 | Oct 11, 2024 | An issue in almaodo GmbH appinventor.ai_google.almando_control 2.3.1 allows a remote attacker to obtain sensitive information via the firmware update process | ||
| CVE-2024-48540 | Med | 0.40 | 6.2 | 0.00 | Oct 24, 2024 | Incorrect access control in XIAO HE Smart 4.3.1 allows attackers to access sensitive information by analyzing the code and data within the APK file. | ||
| CVE-2024-48793 | Med | 0.38 | 5.9 | 0.00 | Oct 14, 2024 | An issue in INATRONIC com.inatronic.bmw 2.7.1 allows a remote attacker to obtain sensitive information via the firmware update process. | ||
| CVE-2024-48795 | Med | 0.34 | 5.3 | 0.00 | Oct 14, 2024 | An issue in Creative Labs Pte Ltd com.creative.apps.xficonnect 2.00.02 allows a remote attacker to obtain sensitive information via the firmware update process. | ||
| CVE-2024-48790 | Med | 0.34 | 5.3 | 0.00 | Oct 14, 2024 | An issue in ILIFE com.ilife.home.global 1.8.7 allows a remote attacker to obtain sensitive information via the firmware update process. |
- risk 0.64cvss 9.8epss 0.00
Neye3C v4.5.2.0 was discovered to contain a hardcoded encryption key in the firmware update mechanism.
- risk 0.64cvss 9.8epss 0.01
Incorrect access control in the firmware update and download processes of Neye3C v4.5.2.0 allows attackers to access sensitive information by analyzing the code and data within the APK file.
- risk 0.64cvss 9.8epss 0.01
An Incorrect Access Control issue in SAMPMAX com.sampmax.homemax 2.1.2.7 allows a remote attacker to obtain sensitive information via the firmware update process.
- risk 0.60cvss 9.3epss 0.00
The APK file in Cloud Smart Lock v2.0.1 has a leaked a URL that can call an API for binding physical devices. This vulnerability allows attackers to arbitrarily construct a request to use the app to bind to unknown devices by finding a valid serial number via a bruteforce attack.
- risk 0.59cvss 9.1epss 0.01
An issue in C-CHIP (com.cchip.cchipamaota) v.1.2.8 allows a remote attacker to obtain sensitive information via the firmware update process.
- risk 0.59cvss 9.1epss 0.00
An issue in Revic Optics Revic Ops (us.revic.revicops) 1.12.5 allows a remote attacker to obtain sensitive information via the firmware update process.
- risk 0.59cvss 9.1epss 0.00
An issue in SWITCHBOT INC SwitchBot (com.theswitchbot.switchbot) 5.0.4 allows a remote attacker to obtain sensitive information via the firmware update process.
- risk 0.59cvss 9.1epss 0.01
An issue in GIANT MANUFACTURING CO., LTD RideLink (tw.giant.ridelink) 2.0.7 allows a remote attacker to obtain sensitive information via the firmware update process.
- risk 0.59cvss 9.1epss 0.01
An issue in BURG-WCHTER KG de.burgwachter.keyapp.app 4.5.0 allows a remote attacker to obtain sensitve information via the firmware update process.
- risk 0.55cvss 8.4epss 0.00
Incorrect access control in the firmware update and download processes of DreamCatcher Life v1.8.7 allows attackers to access sensitive information by analyzing the code and data within the APK file.
- risk 0.55cvss 8.4epss 0.00
Incorrect access control in the firmware update and download processes of Wear Sync v1.2.0 allows attackers to access sensitive information by analyzing the code and data within the APK file.
- risk 0.55cvss 8.4epss 0.00
Incorrect access control in the firmware update and download processes of IVY Smart v4.5.0 allows attackers to access sensitive information by analyzing the code and data within the APK file.
- risk 0.55cvss 8.4epss 0.00
Incorrect access control in the firmware update and download processes of Sylvania Smart Home v3.0.3 allows attackers to access sensitive information by analyzing the code and data within the APK file.
- risk 0.55cvss 8.4epss 0.00
Incorrect access control in the firmware update and download processes of Yamaha Headphones Controller v1.6.7 allows attackers to access sensitive information by analyzing the code and data within the APK file.
- risk 0.55cvss 8.4epss 0.00
Incorrect access control in the firmware update and download processes of Ruochan Smart v4.4.7 allows attackers to access sensitive information by analyzing the code and data within the APK file.
- risk 0.53cvss 8.2epss 0.01
An issue in Plug n Play Camera com.wisdomcity.zwave 1.1.0 allows a remote attacker to obtain sensitive information via the firmware update process.
- risk 0.49cvss 7.5epss 0.00
An issue in Hideez com.hideez 2.7.8.3 allows a remote attacker to obtain sensitive information via the firmware update process.
- risk 0.49cvss 7.5epss 0.00
An issue in Plug n Play Camera com.starvedia.mCamView.zwave 5.5.1 allows a remote attacker to obtain sensitive information via the firmware update process
- risk 0.49cvss 7.5epss 0.01
An issue in INATRONIC com.inatronic.drivedeck.home 2.6.23 allows a remote attacker to obtain sensitve information via the firmware update process.
- risk 0.49cvss 7.5epss 0.01
An issue in LOREX TECHNOLOGY INC com.lorexcorp.lorexping 1.4.22 allows a remote attacker to obtain sensitive information via the firmware update process.
- risk 0.49cvss 7.5epss 0.01
An issue in Hubble Connected (com.hubbleconnected.vervelife) 2.00.81 allows a remote attacker to obtain sensitive information via the firmware update process.
- risk 0.49cvss 7.5epss 0.01
An issue in PCS Engineering Preston Cinema (com.prestoncinema.app) 0.2.0 allows a remote attacker to obtain sensitive information via the firmware update process.
- risk 0.49cvss 7.5epss 0.01
An issue in EQUES com.eques.plug 1.0.1 allows a remote attacker to obtain sensitive information via the firmware update process.
- risk 0.49cvss 7.5epss 0.01
An issue in YESCAM (com.yescom.YesCam.zwave) 1.0.2 allows a remote attacker to obtain sensitive information via the firmware update process.
- risk 0.49cvss 7.5epss 0.01
LEDVANCE com.ledvance.smartplus.eu 2.1.10 allows a remote attacker to obtain sensitive information via the firmware update process.
- risk 0.49cvss 7.5epss 0.01
An issue in Shelly com.home.shelly 1.0.4 allows a remote attacker to obtain sensitive information via the firmware update process
- risk 0.49cvss 7.5epss 0.01
An issue in Plug n Play Camera com.ezset.delaney 1.2.0 allows a remote attacker to obtain sensitive information via the firmware update process.
- risk 0.49cvss 7.5epss 0.01
An issue in Fermax Asia Pacific Pte Ltd com.fermax.vida 2.4.6 allows a remote attacker to obtain sensitve information via the firmware update process.
- risk 0.49cvss 7.5epss 0.01
An issue in WoFit v.7.2.3 allows a remote attacker to obtain sensitive information via the firmware update process
- risk 0.49cvss 7.5epss 0.00
An issue in almando GmbH Almando Play APP (com.almando.play) 1.8.2 allows a remote attacker to obtain sensitive information via the firmware update process
- risk 0.49cvss 7.5epss 0.01
An issue in almaodo GmbH appinventor.ai_google.almando_control 2.3.1 allows a remote attacker to obtain sensitive information via the firmware update process
- risk 0.40cvss 6.2epss 0.00
Incorrect access control in XIAO HE Smart 4.3.1 allows attackers to access sensitive information by analyzing the code and data within the APK file.
- risk 0.38cvss 5.9epss 0.00
An issue in INATRONIC com.inatronic.bmw 2.7.1 allows a remote attacker to obtain sensitive information via the firmware update process.
- risk 0.34cvss 5.3epss 0.00
An issue in Creative Labs Pte Ltd com.creative.apps.xficonnect 2.00.02 allows a remote attacker to obtain sensitive information via the firmware update process.
- risk 0.34cvss 5.3epss 0.00
An issue in ILIFE com.ilife.home.global 1.8.7 allows a remote attacker to obtain sensitive information via the firmware update process.