An issue was discovered in the MakeMyTrip application 7.2.4 for Android. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Google
Information Disclosure
Makemytrip
NVD
GitHub
Exploit-DB
CVSS 3.0
6.5
EPSS
4.1%
The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below products allows unauthorized access via a DNS rebinding attack. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Java
Authentication Bypass
Ct50 Firmware
Ct80 Firmware
NVD
GitHub
CVSS 3.0
6.5
EPSS
0.8%