HankJames

25 exploits Active since Oct 2024
CVE-2024-48538 WRITEUP CRITICAL WRITEUP
Neye3C v4.5.2.0 - Info Disclosure
Incorrect access control in the firmware update and download processes of Neye3C v4.5.2.0 allows attackers to access sensitive information by analyzing the code and data within the APK file.
CVSS 9.8
CVE-2024-48539 WRITEUP CRITICAL WRITEUP
Neye3C v4.5.2.0 - Info Disclosure
Neye3C v4.5.2.0 was discovered to contain a hardcoded encryption key in the firmware update mechanism.
CVSS 9.8
CVE-2024-48540 WRITEUP MEDIUM WRITEUP
XIAO HE Smart 4.3.1 - Info Disclosure
Incorrect access control in XIAO HE Smart 4.3.1 allows attackers to access sensitive information by analyzing the code and data within the APK file.
CVSS 6.2
CVE-2024-48542 WRITEUP HIGH WRITEUP
Yamaha Headphones Controller 1.6.7 - Info Disclosure
Incorrect access control in the firmware update and download processes of Yamaha Headphones Controller v1.6.7 allows attackers to access sensitive information by analyzing the code and data within the APK file.
CVSS 8.4
CVE-2024-48546 WRITEUP HIGH WRITEUP
Wear Sync <1.2.0 - Info Disclosure
Incorrect access control in the firmware update and download processes of Wear Sync v1.2.0 allows attackers to access sensitive information by analyzing the code and data within the APK file.
CVSS 8.4
CVE-2024-48548 WRITEUP CRITICAL WRITEUP
Cloud Smart Lock v2.0.1 - SSRF
The APK file in Cloud Smart Lock v2.0.1 has a leaked a URL that can call an API for binding physical devices. This vulnerability allows attackers to arbitrarily construct a request to use the app to bind to unknown devices by finding a valid serial number via a bruteforce attack.
CVSS 9.3
CVE-2024-48768 WRITEUP HIGH WRITEUP
appinventor.ai_google.almando_control <2.3.1 - Info Disclosure
An issue in almaodo GmbH appinventor.ai_google.almando_control 2.3.1 allows a remote attacker to obtain sensitive information via the firmware update process
CVSS 7.5
CVE-2024-48769 WRITEUP CRITICAL WRITEUP
BURG-WCHTER KG de.burgwachter.keyapp.app <4.5.0 - Info Disclosure
An issue in BURG-WCHTER KG de.burgwachter.keyapp.app 4.5.0 allows a remote attacker to obtain sensitve information via the firmware update process.
CVSS 9.1
CVE-2024-48770 WRITEUP HIGH WRITEUP
Plug n Play Camera com.wisdomcity.zwave <1.1.0 - Info Disclosure
An issue in Plug n Play Camera com.wisdomcity.zwave 1.1.0 allows a remote attacker to obtain sensitive information via the firmware update process.
CVSS 8.2
CVE-2024-48772 WRITEUP CRITICAL WRITEUP
C-CHIP <1.2.8 - Info Disclosure
An issue in C-CHIP (com.cchip.cchipamaota) v.1.2.8 allows a remote attacker to obtain sensitive information via the firmware update process.
CVSS 9.1
CVE-2024-48773 WRITEUP HIGH WRITEUP
WoFit <7.2.3 - Info Disclosure
An issue in WoFit v.7.2.3 allows a remote attacker to obtain sensitive information via the firmware update process
CVSS 7.5
CVE-2024-48774 WRITEUP HIGH WRITEUP
Fermax Asia Pacific Pte Ltd com.fermax.vida <2.4.6 - Info Disclosure
An issue in Fermax Asia Pacific Pte Ltd com.fermax.vida 2.4.6 allows a remote attacker to obtain sensitve information via the firmware update process.
CVSS 7.5
CVE-2024-48775 WRITEUP HIGH WRITEUP
Plug n Play Camera com.ezset.delaney 1.2.0 - Info Disclosure
An issue in Plug n Play Camera com.ezset.delaney 1.2.0 allows a remote attacker to obtain sensitive information via the firmware update process.
CVSS 7.5
CVE-2024-48777 WRITEUP HIGH WRITEUP
LEDVANCE Smartplus EU <2.1.10 - Info Disclosure
LEDVANCE com.ledvance.smartplus.eu 2.1.10 allows a remote attacker to obtain sensitive information via the firmware update process.
CVSS 7.5
CVE-2024-48784 WRITEUP CRITICAL WRITEUP
SAMPMAX homemax <2.1.2.7 - Info Disclosure
An Incorrect Access Control issue in SAMPMAX com.sampmax.homemax 2.1.2.7 allows a remote attacker to obtain sensitive information via the firmware update process.
CVSS 9.8
CVE-2024-48786 WRITEUP CRITICAL WRITEUP
SWITCHBOT INC SwitchBot <5.0.4 - Info Disclosure
An issue in SWITCHBOT INC SwitchBot (com.theswitchbot.switchbot) 5.0.4 allows a remote attacker to obtain sensitive information via the firmware update process.
CVSS 9.1
CVE-2024-48788 WRITEUP HIGH WRITEUP
YESCAM 1.0.2 - Info Disclosure
An issue in YESCAM (com.yescom.YesCam.zwave) 1.0.2 allows a remote attacker to obtain sensitive information via the firmware update process.
CVSS 7.5
CVE-2024-48789 WRITEUP HIGH WRITEUP
INATRONIC com.inatronic.drivedeck.home <2.6.23 - Info Disclosure
An issue in INATRONIC com.inatronic.drivedeck.home 2.6.23 allows a remote attacker to obtain sensitve information via the firmware update process.
CVSS 7.5
CVE-2024-48790 WRITEUP MEDIUM WRITEUP
ILIFE com.ilife.home.global <1.8.7 - Info Disclosure
An issue in ILIFE com.ilife.home.global 1.8.7 allows a remote attacker to obtain sensitive information via the firmware update process.
CVSS 5.3
CVE-2024-48791 WRITEUP HIGH WRITEUP
Plug n Play Camera com.starvedia.mCamView.zwave <5.5.1 - Info Discl...
An issue in Plug n Play Camera com.starvedia.mCamView.zwave 5.5.1 allows a remote attacker to obtain sensitive information via the firmware update process
CVSS 7.5
CVE-2024-48792 WRITEUP HIGH WRITEUP
Hideez com.hideez <2.7.8.3 - Info Disclosure
An issue in Hideez com.hideez 2.7.8.3 allows a remote attacker to obtain sensitive information via the firmware update process.
CVSS 7.5
CVE-2024-48793 WRITEUP MEDIUM WRITEUP
INATRONIC com.inatronic.bmw <2.7.1 - Info Disclosure
An issue in INATRONIC com.inatronic.bmw 2.7.1 allows a remote attacker to obtain sensitive information via the firmware update process.
CVSS 5.9
CVE-2024-48795 WRITEUP MEDIUM WRITEUP
Creative Labs Pte Ltd com.creative.apps.xficonnect <2.00.02 - Info ...
An issue in Creative Labs Pte Ltd com.creative.apps.xficonnect 2.00.02 allows a remote attacker to obtain sensitive information via the firmware update process.
CVSS 5.3
CVE-2024-48798 WRITEUP HIGH WRITEUP
Hubble Connected <2.00.81 - Info Disclosure
An issue in Hubble Connected (com.hubbleconnected.vervelife) 2.00.81 allows a remote attacker to obtain sensitive information via the firmware update process.
CVSS 7.5
CVE-2024-48799 WRITEUP HIGH WRITEUP
LOREX TECHNOLOGY INC com.lorexcorp.lorexping <1.4.22 - Info Disclosure
An issue in LOREX TECHNOLOGY INC com.lorexcorp.lorexping 1.4.22 allows a remote attacker to obtain sensitive information via the firmware update process.
CVSS 7.5