An issue was discovered in GCDWebServer before 3.5.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.
On Mooltipass Mini devices, a side channel for the row-based OLED display was found. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
On ShapeShift KeepKey devices, a side channel for the row-based OLED display was found. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
On Ledger Nano S and Nano X devices, a side channel for the row-based OLED display was found. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.