A broken access control vulnerability found in Advan VD-1...
High severity
Unreviewed
Published
May 24, 2022
to the GitHub Advisory Database
•
Updated Apr 4, 2024
Description
Published by the National Vulnerability Database
Aug 29, 2019
Published to the GitHub Advisory Database
May 24, 2022
Last updated
Apr 4, 2024
A broken access control vulnerability found in Advan VD-1 firmware versions up to 230. An attacker can send a POST request to cgibin/ApkUpload.cgi to install arbitrary APK without any authentication.
References