Vulnerabilities > Megafeis

DATE CVE VULNERABILITY TITLE RISK
2023-03-21 CVE-2022-45636 Missing Authorization vulnerability in Megafeis Bofei Dbd+ 1.4.3/1.4.4
An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to unlock model(s) without authorization via arbitrary API requests.
low complexity
megafeis CWE-862
8.1
2023-03-21 CVE-2022-45635 Weak Password Requirements vulnerability in Megafeis Bofei Dbd+ 1.4.4
An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to gain access to sensitive account information via insecure password policy.
network
low complexity
megafeis CWE-521
7.5
2023-03-21 CVE-2022-45637 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Megafeis Bofei Dbd+ 1.4.4
An insecure password reset issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 service via insecure expiry mechanism.
network
low complexity
megafeis CWE-640
critical
9.8