Anonymous120386/Anonymous

Releases0

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-46040 ↗	Oct 7, 2024Monday, 7 October 2024, 16:15	6.5 MEDIUM	—
IoT Haat Smart Plug IH-IN-16A-S IH-IN-16A-S v5.16.1 suffers from Insufficient Session Expiration. The lack of validation of the authentication token at the IoT Haat during the Access Point Pairing mode leads the attacker to replay the Wi-Fi packets and forcefully turn off the access point after the authentication token has expired.
CVE-2024-46041 ↗	Oct 7, 2024Monday, 7 October 2024, 16:15	8.8 HIGH	—
IoT Haat Smart Plug IH-IN-16A-S v5.16.1 is vulnerable to Authentication Bypass by Capture-replay.
CVE-2024-42531 ↗	Aug 23, 2024Friday, 23 August 2024, 17:15	9.8 CRITICAL	—
Ezviz Internet PT Camera CS-CV246 D15655150 allows an unauthenticated host to access its live video stream by crafting a set of RTSP packets with a specific set of URLs that can be used to redirect the camera feed. NOTE: the vendor's perspective is that the Anonymous120386 sample code can establish RTSP protocol communictaion, but cannot obtain video or audio data; thus, there is no risk.
CVE-2024-41623 ↗	Aug 13, 2024Tuesday, 13 August 2024, 14:15	9.8 CRITICAL	—
An issue in D3D Security D3D IP Camera (D8801) v.V9.1.17.1.4-20180428 allows a local attacker to execute arbitrary code via a crafted payload