Skip to main content

Ourphoto

4 CVEs product

Monthly

CVE-2022-24190 HIGH POC This Week

The /device/acceptBind end-point for Ourphoto App version 1.4.1 does not require authentication or authorization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ourphoto
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-24189 MEDIUM POC This Month

The user_token authorization header on the Ourphoto App version 1.4.1 /apiv1/* end-points is not implemented properly. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ourphoto
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-24188 HIGH POC This Week

The /device/signin end-point for the Ourphoto App version 1.4.1 discloses clear-text password information for functionality within the picture frame devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ourphoto
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-24187 HIGH POC This Week

The user_id and device_id on the Ourphoto App version 1.4.1 /device/* end-points both suffer from insecure direct object reference vulnerabilities. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ourphoto
NVD
CVSS 3.1
7.5
EPSS
0.7%
EPSS 1% CVSS 7.5
HIGH POC This Week

The /device/acceptBind end-point for Ourphoto App version 1.4.1 does not require authentication or authorization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ourphoto
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

The user_token authorization header on the Ourphoto App version 1.4.1 /apiv1/* end-points is not implemented properly. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ourphoto
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

The /device/signin end-point for the Ourphoto App version 1.4.1 discloses clear-text password information for functionality within the picture frame devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ourphoto
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

The user_id and device_id on the Ourphoto App version 1.4.1 /device/* end-points both suffer from insecure direct object reference vulnerabilities. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ourphoto
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy