Advan Vd 1 Firmware
Approved changes feed: RSS · Atom
cpe:2.3:a:androvideo:advan_vd-1_firmware:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Androvideo (5718b93d-4e95-5de3-a12e-86245bc2079f) |
|---|---|
| Product | Advan Vd 1 Firmware (484d7c95-c33b-56ee-a9c4-07646f236b06) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2019-13408 |
vulnerable | 2026-06-08 05:12:42.222329 |
Advan VD-1 allows users to download arbitrary files
A relative path traversal vulnerability found in Advan VD-1 firmware versions up to 230. It allows attackers to download arbitrary files via url cgibin/ExportSettings.cgi?Download=filepath, without any authentication.
Published: 2019-08-29T00:18:52.900Z
Updated: 2024-09-17T01:26:55.568Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-13407 |
vulnerable | 2026-06-08 05:12:42.219195 |
Advan VD-1 has a reflected XSS vulnerability in page cgibin/ssi.cgi
A XSS found in Advan VD-1 firmware versions up to 230. VD-1 responses a path error message when a requested resource was not found in page cgibin/ssi.cgi. It leads to a reflected XSS because the error message does not escape properly.
Published: 2019-08-29T00:19:39.243Z
Updated: 2024-09-16T22:16:10.244Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-13406 |
vulnerable | 2026-06-08 05:12:42.217889 |
Advan VD-1 has a vulnerability that allows remote arbitrary APK installation
A broken access control vulnerability found in Advan VD-1 firmware versions up to 230. An attacker can send a POST request to cgibin/ApkUpload.cgi to install arbitrary APK without any authentication.
Published: 2019-08-29T00:19:32.626Z
Updated: 2024-09-16T23:16:16.188Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-13405 |
vulnerable | 2026-06-08 05:12:42.216324 |
Advan VD-1 allows a remote user to enable Android Debug Bridge without any authentication
A broken access control vulnerability found in Advan VD-1 firmware version 230 leads to insecure ADB service. An attacker can send a POST request to cgibin/AdbSetting.cgi to enable ADB without any authentication then take the compromised device as a relay or to install mining software.
Published: 2019-08-29T00:19:23.331Z
Updated: 2024-09-16T22:24:40.037Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-11064 |
vulnerable | 2026-06-08 05:12:26.347453 |
A vulnerability of remote credential disclosure was discovered in Advan VD-1
A vulnerability of remote credential disclosure was discovered in Advan VD-1 firmware versions up to 230. An attacker can export system configuration which is not encrypted to get the administrator’s account and password in plain text via cgibin/ExportSettings.cgi?Export=1 without any authentication.
Published: 2019-08-29T00:19:17.490Z
Updated: 2024-09-17T00:36:59.288Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.