NVD disclosure day

Published threat advisories for October 11, 2024

CVE advisoryCRITICAL

CVE-2024-48772

C-CHIP Firmware Update Information Disclosure Vulnerability

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

A critical vulnerability exists in the C-CHIP firmware update process, allowing remote attackers to obtain sensitive information. This could potentially expose system data or configuration details. The relevance and impact on your systems are currently unconfirmed.

CVE advisoryCRITICAL

CVE-2024-48787

Revic Ops Firmware Update Information Disclosure.

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability in Revic Optics Revic Ops' firmware update process may allow remote attackers to obtain sensitive information. This issue could lead to unauthorized data disclosure if the update mechanism is reachable. There is uncertainty regarding the exploitability and business impact due to limited information.

CVE advisoryCRITICAL

CVE-2024-48786

SwitchBot Firmware Update Sensitive Information Disclosure

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

An unspecified vulnerability in the SwitchBot mobile application's firmware update process allows a remote attacker to obtain sensitive information. The attack vector involves network interaction during updates, potentially impacting data confidentiality. The relevance and exposure of this update mechanism to your envi

CVE advisoryCRITICAL

CVE-2024-48784

HomeMax Firmware Update Information Disclosure.

Halo Surface Signal: 3 out of 5 — possibly public-facing.

An access control flaw in a home automation application's firmware update process may allow remote attackers to obtain sensitive information. This could lead to unauthorized disclosure of system data if the update mechanism is reachable. This issue should be reviewed to confirm if the technology is in use and to unders

CVE advisoryCRITICAL

CVE-2024-48778

RideLink Firmware Update Information Disclosure.

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

A vulnerability exists in a specific application's firmware update process that could allow a remote attacker to obtain sensitive information. While the issue is rated critical, its external reachability is considered unlikely. This advisory prompts investigation into its relevance to our environment and potential expo

CVE advisoryCRITICAL

CVE-2024-48769

BURG-WÄCHTER Key App Firmware Update Information Disclosure Vulnerability

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

A critical vulnerability exists in a mobile application for physical security hardware, allowing remote attackers to obtain sensitive information during the firmware update process. While network communication is involved, the application's typical use in a local context makes direct internet exposure unlikely. Underst

CVE advisoryCRITICAL

CVE-2024-46088

Entersoft CRM Arbitrary File Upload Vulnerability Allows Code Execution

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An arbitrary file upload vulnerability exists in a customer resource management system, allowing attackers to execute code by uploading a crafted file. This could impact system integrity and availability if the vulnerable interface is reachable. It is important to determine if this specific technology is in use and ass