CVE-2020-27269

MEDIUM Year: 2020
CVSS v3 Score
5.7
Medium
CVSS v2 Score
2.9
Low
Weakness Type
CWE-294
View all →

Vulnerability Description

In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications lacks replay protection measures, which allows unauthenticated, physically proximate attackers to replay communication sequences via Bluetooth Low Energy.

Related Vulnerabilities

CVE-2019-9158

MEDIUM
CVSS:5.7(Medium)

Gemalto DS3 Authentication Server 2.6.1-SP01 has Broken Access Control.

CWE-2942019

CVE-2013-1351

MEDIUM
CVSS:5.9(Medium)

Verax NMS prior to 2.10 allows authentication via the encrypted password without knowing the cleartext password.

CWE-2942013

CVE-2020-24722

MEDIUM
CVSS:5.9(Medium)

An issue was discovered in the GAEN (aka Google/Apple Exposure Notifications) protocol through 2020-10-05, as used in COVID-19 applications on Android and iOS. The encrypted metadata block with a TX v...

CWE-2942020

CVE-2020-9438

MEDIUM
CVSS:5.9(Medium)

Tinxy Door Lock with firmware before 3.2 allow attackers to unlock a door by replaying an Unlock request that occurred when the attacker was previously authorized. In other words, door-access revocati...

CWE-2942020

CVE-2021-22267

MEDIUM
CVSS:5.9(Medium)

Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows a remote replay attack for T0320L01^ABP through T0320L01^ABZ, T0952L01^AAH through T0952L01^AAR, T0986L01 through T0986L01^A...

CWE-2942021

CVE-2022-29593

MEDIUM
CVSS:5.9(Medium)

relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to replay HTTP post requests without the need for authentication or a valid signed/authorized request.

CWE-2942022