Chapoly1305

4 exploits Active since May 2024
CVE-2023-46870 NOMISEC HIGH WRITEUP
Nordic Semiconductor nRF Sniffer for Bluetooth LE <4.1.1 - RCE
extcap/nrf_sniffer_ble.py, extcap/nrf_sniffer_ble.sh, extcap/SnifferAPI/*.py in Nordic Semiconductor nRF Sniffer for Bluetooth LE 3.0.0, 3.1.0, 4.0.0, 4.1.0, and 4.1.1 have set incorrect file permission, which allows attackers to do code execution via modified bash and python scripts.
CVSS 7.3
CVE-2024-35495 WRITEUP MEDIUM WRITEUP
TP-Link Kasa KP125M/Tapo P125M <1.0.0 - Info Disclosure
An Information Disclosure vulnerability in the Telemetry component in TP-Link Kasa KP125M V1.0.0 and Tapo P125M 1.0.0 Build 220930 Rel.143947 allows attackers to observe device state via observing network traffic.
CVSS 4.3
CVE-2024-46548 WRITEUP MEDIUM WRITEUP
TP-Link Tapo P125M & Kasa KP125M v1.0.3 - Info Disclosure
TP-Link Tapo P125M and Kasa KP125M v1.0.3 was discovered to improperly validate certificates, allowing attackers to eavesdrop on communications and access sensitive information via a man-in-the-middle attack.
CVSS 6.3
CVE-2024-46549 WRITEUP HIGH WRITEUP
TP-Link Kasa KP125M <1.0.3 - Open Redirect
An issue in the TP-Link MQTT Broker and API gateway of TP-Link Kasa KP125M v1.0.3 allows attackers to establish connections by impersonating devices owned by other users.
CVSS 7.6