nitinronge91

5 exploits Active since Sep 2024
CVE-2024-44815 NOMISEC MEDIUM WRITEUP
Hathway Skyworth Router CM5100 <4.1.1.24 - Info Disclosure
Vulnerability in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a physically proximate attacker to obtain user credentials via SPI flash Firmware W25Q64JV.
CVSS 4.6
CVE-2024-46383 NOMISEC LOW WRITEUP
Hathway Skyworth Router CM5100-511 v4.1.1.24 - Info Disclosure
Hathway Skyworth Router CM5100-511 v4.1.1.24 was discovered to store sensitive information about USB and Wifi connected devices in plaintext.
CVSS 2.4
CVE-2024-51072 WRITEUP MEDIUM WRITEUP
KIA Seltos v1.0 - DoS
An issue in KIA Seltos vehicle instrument cluster with software and hardware v1.0 allows attackers to cause a Denial of Service (DoS) via ECU reset UDS service. NOTE: this is disputed by the Supplier because the findings came from a potentially unrealistic test environment (an isolated ECU part that was not in a vehicle), and because the ECUReset specification does not allow a manufacturer to require SecurityAccess and Authentication.
CVSS 5.3
CVE-2024-51073 WRITEUP MEDIUM WRITEUP
KIA Seltos v1.0 - Info Disclosure
An issue in KIA Seltos vehicle instrument cluster with software and hardware v1.0 allows attackers to control or disrupt CAN communication between the instrument cluster and CAN bus. NOTE: this is disputed by the Supplier because the findings came from a potentially unrealistic test environment (an isolated ECU part that was not in a vehicle), and because the observed behavior follows the UDS (Unified Diagnostic Services) specification.
CVSS 6.7
CVE-2024-51074 WRITEUP MEDIUM WRITEUP
KIA Seltos v1.0 - Info Disclosure
Incorrect access control in KIA Seltos vehicle instrument cluster with software and hardware v1.0 allows attackers to arbitrarily change odometer readings in the vehicle by targeting the instrument cluster through the unsecured CAN network. NOTE: this is disputed by the supplier because the CAN bus is not externally exposed, and because the packets can only increase the odometer reading (which typically has no value to an adversary). Also, this is disputed by the Supplier because the findings came from a potentially unrealistic test environment (an isolated ECU part that was not in a vehicle), and because the observed behavior follows the UDS (Unified Diagnostic Services) specification.
CVSS 6.7