HIGH🇬🇧 English

CVE-2025-50944

CVSS 8.8v3.1pub. 2025-09-15upd. 2025-10-14

An issue was discovered in the method push.lite.avtech.com.MySSLSocketFactoryNew.checkServerTrusted in AVTECH EagleEyes 2.0.0. The custom X509TrustManager used in checkServerTrusted only checks the certificate's expiration date, skipping proper TLS chain validation.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Avtech Eagleeyes\(lite\)

    APP
    Avtech
    2.0.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2025-46408CRITICAL9.8PL ✓ten sam produkt

AVTECH EagleEyes — pominięcie weryfikacji domeny TLS (ALLOW_ALL_HOSTNAME_VERIFIER)

CVE-2013-4982CRITICAL9.8ten sam vendor

AVTECH AVN801 DVR has a security bypass via the administration login captcha

CVE-2025-57199HIGH8.8ten sam vendor

AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated com...

CVE-2025-57198HIGH8.8ten sam vendor

AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated com...

CVE-2025-57201HIGH8.8ten sam vendor

AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated com...

CVE-2025-50944 — HIGH 8.8 | CVEbaza.pl