CVSS: 2.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-46383
https://notcve.org/view.php?id=CVE-2024-46383
Hathway Skyworth Router CM5100-511 v4.1.1.24 was discovered to store sensitive information about USB and Wifi connected devices in plaintext. • http://skyworth.com https://github.com/nitinronge91/Sensitive-Information-disclosure-via-SPI-flash-firmware-for-Hathway-router-CVE-2024-46383 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-13227
https://notcve.org/view.php?id=CVE-2017-13227
This could lead to information disclosure with no additional execution privileges needed. • https://source.android.com/security/bulletin/2018-06-01 •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48970 – Life2000 Ventilator microcontroller lacks memory protection
https://notcve.org/view.php?id=CVE-2024-48970
An attacker could connect to the internal JTAG interface and read or write to flash memory using an off-the-shelf debugging tool, which could disrupt the function of the device and/or cause unauthorized information disclosure. • https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01 • CWE-1191: On-Chip Debug and Test Interface With Improper Access Control •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48974 – Life2000 Ventilator does not perform proper file integrity checks when adopting firmware updates
https://notcve.org/view.php?id=CVE-2024-48974
This could disrupt the function of the device and/or cause unauthorized information disclosure. • https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01 • CWE-494: Download of Code Without Integrity Check •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9832 – No limit on failed login attempts with Clinician Password or Serial Number Clinician Password on Life2000 Ventilator
https://notcve.org/view.php?id=CVE-2024-9832
An attacker could execute a brute-force attack to gain unauthorized access to the ventilator, and then make changes to device settings that could disrupt the function of the device and/or result in unauthorized information disclosure. • https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01 • CWE-307: Improper Restriction of Excessive Authentication Attempts •