Vulnerabilities > Geniecompany

DATE CVE VULNERABILITY TITLE RISK
2024-01-03 CVE-2023-5879 Insecure Storage of Sensitive Information vulnerability in Geniecompany Aladdin Connect 5.65
Users’ product account authentication data was stored in clear text in The Genie Company Aladdin Connect Mobile Application Version 5.65 Build 2075 (and below) on Android Devices.
low complexity
geniecompany CWE-922
6.8
2024-01-03 CVE-2023-5880 Cross-site Scripting vulnerability in Geniecompany Aladdin Connect Garage Door Opener Firmware
When the Genie Company Aladdin Connect garage door opener (Retrofit-Kit Model ALDCM) is placed into configuration mode the web servers “Garage Door Control Module Setup” page is vulnerable to XSS via a broadcast SSID name containing malicious code with client side Java Script and/or HTML.
network
low complexity
geniecompany CWE-79
8.8
2024-01-03 CVE-2023-5881 Missing Authentication for Critical Function vulnerability in Geniecompany Aladdin Connect Garage Door Opener Firmware
Unauthenticated access permitted to web interface page The Genie Company Aladdin Connect (Retrofit-Kit Model ALDCM) "Garage Door Control Module Setup" and modify the Garage door's SSID settings.
network
low complexity
geniecompany CWE-306
8.2