eNet Smart Home server versions 2.2.1 and 2.3.1 suffer from missing authorization checks in the resetUserPassword JSON-RPC method, allowing any authenticated low-privileged user to reset passwords for administrative accounts without proper verification. Public exploit code exists for this vulnerability, enabling attackers to achieve immediate privilege escalation and gain full administrative control over the smart home system. No patch is currently available, leaving deployed instances vulnerable to account takeover attacks.
eNet Smart Home server versions 2.2.1 and 2.3.1 allow authenticated users to delete arbitrary user accounts through an authorization bypass in the deleteUserAccount JSON-RPC method. Any low-privileged user can submit a crafted request to remove other accounts without elevated permissions, and public exploit code exists for this vulnerability. The impact includes unauthorized account deletion and potential denial of service, with no patch currently available.
The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. [CVSS 8.8 HIGH]
The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. [CVSS 8.8 HIGH]
The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. [CVSS 8.8 HIGH]
Ecwid by Lightspeed Ecommerce Shopping Cart (WordPress plugin) versions up to 7.0.7. is affected by improper privilege management (CVSS 8.8).