1.4.4

CVSS 8.1 - HIGH

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

low complexity

megafeis

CWE-862

NVD

Published: 2023-03-21

Updated: 2023-08-08

Summary

An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to unlock model(s) without authorization via arbitrary API requests.

Vulnerable Configurations

Part	Description	Count
Application	Megafeis Megafeis Bofei Dbd+ 1.4.4 Megafeis Bofei Dbd+ 1.4.3	2

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://labs.withsecure.com/advisories/insecure-authorization-scheme-for-api-requests-in-dbd--mobile-co
https://github.com/WithSecureLabs/megafeis-palm/tree/main/CVE-2022-45636