WithSecureLabs/megafeis-palm

WithSecureLabs/megafeis-palm

Releases0

Stars1

PoC Code for Vulnerabilities Found in MEGAFEIS-branded Smart Locks & their Mobile Companion App: DBD+

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-45634 ↗	Mar 22, 2023Wednesday, 22 March 2023, 02:15	4.3 MEDIUM	—
An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows authenticated attacker to gain access to sensitive account information
CVE-2022-45636 ↗	Mar 21, 2023Tuesday, 21 March 2023, 18:15	8.1 HIGH	—
An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to unlock model(s) without authorization via arbitrary API requests.
CVE-2022-45635 ↗	Mar 21, 2023Tuesday, 21 March 2023, 16:15	7.5 HIGH	—
An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to gain access to sensitive account information via insecure password policy.
CVE-2022-45637 ↗	Mar 21, 2023Tuesday, 21 March 2023, 16:15	9.8 CRITICAL	—
An insecure password reset issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 service via insecure expiry mechanism.