This vulnerability exists in the Wave 2.0 due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating API input parameters to gain unauthorized access and perform malicious activities on other user accounts.
oryginał ENCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X63moons Aero
APP63Moons< 12082024155063moons Wave 2.0
APP63Moons< 1.1.7
Powiązane podatności
Brak ograniczeń liczby prób logowania w Wave 2.0 (brute force)
Obejście weryfikacji OTP w produktach 63Moons Aero i Wave 2.0
This vulnerability exists in the Wave 2.0 due to insufficient encryption of sensitive data received at the API...
This vulnerability exists in the Wave 2.0 due to missing rate limiting on OTP requests in an API endpoint. An ...
This vulnerability exists in the Wave 2.0 due to improper exception handling for invalid inputs at certain API...