AndroVideo VD 1
Approved changes feed: RSS · Atom
cpe:2.3:h:androvideo:vd_1:-:*:*:*:*:*:*:*
part: h version: - update: *
| Vendor | Androvideo (5718b93d-4e95-5de3-a12e-86245bc2079f) |
|---|---|
| Product | Vd 1 (f5de9d31-7cd4-541d-b8d8-af2428cc58ce) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2019-13408 |
not_vulnerable | 2026-06-08 05:12:42.222394 |
Advan VD-1 allows users to download arbitrary files
A relative path traversal vulnerability found in Advan VD-1 firmware versions up to 230. It allows attackers to download arbitrary files via url cgibin/ExportSettings.cgi?Download=filepath, without any authentication.
Published: 2019-08-29T00:18:52.900Z
Updated: 2024-09-17T01:26:55.568Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-13407 |
not_vulnerable | 2026-06-08 05:12:42.219258 |
Advan VD-1 has a reflected XSS vulnerability in page cgibin/ssi.cgi
A XSS found in Advan VD-1 firmware versions up to 230. VD-1 responses a path error message when a requested resource was not found in page cgibin/ssi.cgi. It leads to a reflected XSS because the error message does not escape properly.
Published: 2019-08-29T00:19:39.243Z
Updated: 2024-09-16T22:16:10.244Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-13406 |
not_vulnerable | 2026-06-08 05:12:42.218772 |
Advan VD-1 has a vulnerability that allows remote arbitrary APK installation
A broken access control vulnerability found in Advan VD-1 firmware versions up to 230. An attacker can send a POST request to cgibin/ApkUpload.cgi to install arbitrary APK without any authentication.
Published: 2019-08-29T00:19:32.626Z
Updated: 2024-09-16T23:16:16.188Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-13405 |
not_vulnerable | 2026-06-08 05:12:42.217486 |
Advan VD-1 allows a remote user to enable Android Debug Bridge without any authentication
A broken access control vulnerability found in Advan VD-1 firmware version 230 leads to insecure ADB service. An attacker can send a POST request to cgibin/AdbSetting.cgi to enable ADB without any authentication then take the compromised device as a relay or to install mining software.
Published: 2019-08-29T00:19:23.331Z
Updated: 2024-09-16T22:24:40.037Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-11064 |
not_vulnerable | 2026-06-08 05:12:26.348932 |
A vulnerability of remote credential disclosure was discovered in Advan VD-1
A vulnerability of remote credential disclosure was discovered in Advan VD-1 firmware versions up to 230. An attacker can export system configuration which is not encrypted to get the administrator’s account and password in plain text via cgibin/ExportSettings.cgi?Export=1 without any authentication.
Published: 2019-08-29T00:19:17.490Z
Updated: 2024-09-17T00:36:59.288Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.