VYPR

Vendor CVEs

Hankjames

All CVEs

35 total · sorted by risk
  • CVE-2024-48539CriOct 24, 2024
    risk 0.64cvss 9.8epss 0.00

    Neye3C v4.5.2.0 was discovered to contain a hardcoded encryption key in the firmware update mechanism.

  • CVE-2024-48538CriOct 24, 2024
    risk 0.64cvss 9.8epss 0.01

    Incorrect access control in the firmware update and download processes of Neye3C v4.5.2.0 allows attackers to access sensitive information by analyzing the code and data within the APK file.

  • CVE-2024-48784CriOct 11, 2024
    risk 0.64cvss 9.8epss 0.01

    An Incorrect Access Control issue in SAMPMAX com.sampmax.homemax 2.1.2.7 allows a remote attacker to obtain sensitive information via the firmware update process.

  • CVE-2024-48548CriOct 24, 2024
    risk 0.60cvss 9.3epss 0.00

    The APK file in Cloud Smart Lock v2.0.1 has a leaked a URL that can call an API for binding physical devices. This vulnerability allows attackers to arbitrarily construct a request to use the app to bind to unknown devices by finding a valid serial number via a bruteforce attack.

  • CVE-2024-48772CriOct 11, 2024
    risk 0.59cvss 9.1epss 0.01

    An issue in C-CHIP (com.cchip.cchipamaota) v.1.2.8 allows a remote attacker to obtain sensitive information via the firmware update process.

  • CVE-2024-48787CriOct 11, 2024
    risk 0.59cvss 9.1epss 0.00

    An issue in Revic Optics Revic Ops (us.revic.revicops) 1.12.5 allows a remote attacker to obtain sensitive information via the firmware update process.

  • CVE-2024-48786CriOct 11, 2024
    risk 0.59cvss 9.1epss 0.00

    An issue in SWITCHBOT INC SwitchBot (com.theswitchbot.switchbot) 5.0.4 allows a remote attacker to obtain sensitive information via the firmware update process.

  • CVE-2024-48778CriOct 11, 2024
    risk 0.59cvss 9.1epss 0.01

    An issue in GIANT MANUFACTURING CO., LTD RideLink (tw.giant.ridelink) 2.0.7 allows a remote attacker to obtain sensitive information via the firmware update process.

  • CVE-2024-48769CriOct 11, 2024
    risk 0.59cvss 9.1epss 0.01

    An issue in BURG-WCHTER KG de.burgwachter.keyapp.app 4.5.0 allows a remote attacker to obtain sensitve information via the firmware update process.

  • CVE-2024-48547HigOct 24, 2024
    risk 0.55cvss 8.4epss 0.00

    Incorrect access control in the firmware update and download processes of DreamCatcher Life v1.8.7 allows attackers to access sensitive information by analyzing the code and data within the APK file.

  • CVE-2024-48546HigOct 24, 2024
    risk 0.55cvss 8.4epss 0.00

    Incorrect access control in the firmware update and download processes of Wear Sync v1.2.0 allows attackers to access sensitive information by analyzing the code and data within the APK file.

  • CVE-2024-48545HigOct 24, 2024
    risk 0.55cvss 8.4epss 0.00

    Incorrect access control in the firmware update and download processes of IVY Smart v4.5.0 allows attackers to access sensitive information by analyzing the code and data within the APK file.

  • CVE-2024-48544HigOct 24, 2024
    risk 0.55cvss 8.4epss 0.00

    Incorrect access control in the firmware update and download processes of Sylvania Smart Home v3.0.3 allows attackers to access sensitive information by analyzing the code and data within the APK file.

  • CVE-2024-48542HigOct 24, 2024
    risk 0.55cvss 8.4epss 0.00

    Incorrect access control in the firmware update and download processes of Yamaha Headphones Controller v1.6.7 allows attackers to access sensitive information by analyzing the code and data within the APK file.

  • CVE-2024-48541HigOct 24, 2024
    risk 0.55cvss 8.4epss 0.00

    Incorrect access control in the firmware update and download processes of Ruochan Smart v4.4.7 allows attackers to access sensitive information by analyzing the code and data within the APK file.

  • CVE-2024-48770HigOct 11, 2024
    risk 0.53cvss 8.2epss 0.01

    An issue in Plug n Play Camera com.wisdomcity.zwave 1.1.0 allows a remote attacker to obtain sensitive information via the firmware update process.

  • CVE-2024-48792HigOct 14, 2024
    risk 0.49cvss 7.5epss 0.00

    An issue in Hideez com.hideez 2.7.8.3 allows a remote attacker to obtain sensitive information via the firmware update process.

  • CVE-2024-48791HigOct 14, 2024
    risk 0.49cvss 7.5epss 0.00

    An issue in Plug n Play Camera com.starvedia.mCamView.zwave 5.5.1 allows a remote attacker to obtain sensitive information via the firmware update process

  • CVE-2024-48789HigOct 14, 2024
    risk 0.49cvss 7.5epss 0.01

    An issue in INATRONIC com.inatronic.drivedeck.home 2.6.23 allows a remote attacker to obtain sensitve information via the firmware update process.

  • CVE-2024-48799HigOct 14, 2024
    risk 0.49cvss 7.5epss 0.01

    An issue in LOREX TECHNOLOGY INC com.lorexcorp.lorexping 1.4.22 allows a remote attacker to obtain sensitive information via the firmware update process.

  • CVE-2024-48798HigOct 14, 2024
    risk 0.49cvss 7.5epss 0.01

    An issue in Hubble Connected (com.hubbleconnected.vervelife) 2.00.81 allows a remote attacker to obtain sensitive information via the firmware update process.

  • CVE-2024-48797HigOct 14, 2024
    risk 0.49cvss 7.5epss 0.01

    An issue in PCS Engineering Preston Cinema (com.prestoncinema.app) 0.2.0 allows a remote attacker to obtain sensitive information via the firmware update process.

  • CVE-2024-48796HigOct 14, 2024
    risk 0.49cvss 7.5epss 0.01

    An issue in EQUES com.eques.plug 1.0.1 allows a remote attacker to obtain sensitive information via the firmware update process.

  • CVE-2024-48788HigOct 11, 2024
    risk 0.49cvss 7.5epss 0.01

    An issue in YESCAM (com.yescom.YesCam.zwave) 1.0.2 allows a remote attacker to obtain sensitive information via the firmware update process.

  • CVE-2024-48777HigOct 11, 2024
    risk 0.49cvss 7.5epss 0.01

    LEDVANCE com.ledvance.smartplus.eu 2.1.10 allows a remote attacker to obtain sensitive information via the firmware update process.

  • CVE-2024-48776HigOct 11, 2024
    risk 0.49cvss 7.5epss 0.01

    An issue in Shelly com.home.shelly 1.0.4 allows a remote attacker to obtain sensitive information via the firmware update process

  • CVE-2024-48775HigOct 11, 2024
    risk 0.49cvss 7.5epss 0.01

    An issue in Plug n Play Camera com.ezset.delaney 1.2.0 allows a remote attacker to obtain sensitive information via the firmware update process.

  • CVE-2024-48774HigOct 11, 2024
    risk 0.49cvss 7.5epss 0.01

    An issue in Fermax Asia Pacific Pte Ltd com.fermax.vida 2.4.6 allows a remote attacker to obtain sensitve information via the firmware update process.

  • CVE-2024-48773HigOct 11, 2024
    risk 0.49cvss 7.5epss 0.01

    An issue in WoFit v.7.2.3 allows a remote attacker to obtain sensitive information via the firmware update process

  • CVE-2024-48771HigOct 11, 2024
    risk 0.49cvss 7.5epss 0.00

    An issue in almando GmbH Almando Play APP (com.almando.play) 1.8.2 allows a remote attacker to obtain sensitive information via the firmware update process

  • CVE-2024-48768HigOct 11, 2024
    risk 0.49cvss 7.5epss 0.01

    An issue in almaodo GmbH appinventor.ai_google.almando_control 2.3.1 allows a remote attacker to obtain sensitive information via the firmware update process

  • CVE-2024-48540MedOct 24, 2024
    risk 0.40cvss 6.2epss 0.00

    Incorrect access control in XIAO HE Smart 4.3.1 allows attackers to access sensitive information by analyzing the code and data within the APK file.

  • CVE-2024-48793MedOct 14, 2024
    risk 0.38cvss 5.9epss 0.00

    An issue in INATRONIC com.inatronic.bmw 2.7.1 allows a remote attacker to obtain sensitive information via the firmware update process.

  • CVE-2024-48795MedOct 14, 2024
    risk 0.34cvss 5.3epss 0.00

    An issue in Creative Labs Pte Ltd com.creative.apps.xficonnect 2.00.02 allows a remote attacker to obtain sensitive information via the firmware update process.

  • CVE-2024-48790MedOct 14, 2024
    risk 0.34cvss 5.3epss 0.00

    An issue in ILIFE com.ilife.home.global 1.8.7 allows a remote attacker to obtain sensitive information via the firmware update process.