CVE-2021-24046

EPSS 0.2%
Veröffentlicht 14.01.2022 18:15:09
Zuletzt bearbeitet 21.11.2024 05:52:16
Quelle cve-assign@fb.com
CVE-Watchlists
Login
Unerledigt
Login

A logic flaw in Ray-Ban® Stories device software allowed some parameters like video capture duration limit to be modified through the Facebook View application. This issue affected versions of device software before 2107460.6810.0.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ray-ban ≫ Stories Rw4003 65582v 48-23 Firmware Version < 2107460.6810.0

Ray-ban ≫ Stories Rw4003 65582v 48-23 Version-

Ray-ban ≫ Stories Rw4002 601/71 50-22 Firmware Version < 2107460.6810.0

Ray-ban ≫ Stories Rw4002 601/71 50-22 Version-

Ray-ban ≫ Stories Rw4005 656013 51-20 Firmware Version < 2107460.6810.0

Ray-ban ≫ Stories Rw4005 656013 51-20 Version-

Ray-ban ≫ Stories Rw4005 6563m3 51-20 Firmware Version < 2107460.6810.0.

Ray-ban ≫ Stories Rw4005 6563m3 51-20 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.2%	0.385

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-425 Direct Request ('Forced Browsing')

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

CWE-471 Modification of Assumed-Immutable Data (MAID)

The product does not properly protect an assumed-immutable element from being modified by an attacker.

https://www.facebook.com/security/advisories/cve-2021-24046

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-24046

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-24046

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-24046

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-24046