Vulnerabilities > Megafeis
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-21 | CVE-2022-45636 | Missing Authorization vulnerability in Megafeis Bofei Dbd+ 1.4.3/1.4.4 An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to unlock model(s) without authorization via arbitrary API requests. | 8.1 |
2023-03-21 | CVE-2022-45635 | Weak Password Requirements vulnerability in Megafeis Bofei Dbd+ 1.4.4 An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to gain access to sensitive account information via insecure password policy. | 7.5 |
2023-03-21 | CVE-2022-45637 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Megafeis Bofei Dbd+ 1.4.4 An insecure password reset issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 service via insecure expiry mechanism. | 9.8 |