Eye.fi » Eye-fi Manager : Security Vulnerabilities, CVEs,

CVE-2008-7137

WS-Proxy in Eye-Fi 1.1.2 allows remote attackers to cause a denial of service (crash) via an empty query string to port 59278 and other unspecified vectors.
Max CVSS
5.0
EPSS Score
2.28%
Published
2009-09-01
Updated
2018-10-11

CVE-2008-7138

The Manager in Eye-Fi 1.1.2 generates predictable snonce values based on the time of day, which allows remote attackers to bypass authentication and upload arbitrary images by guessing the snonce.
Max CVSS
5.0
EPSS Score
0.36%
Published
2009-09-01
Updated
2018-10-11

CVE-2008-7139

Multiple cross-site request forgery (CSRF) vulnerabilities in WS-Proxy in Eye-Fi 1.1.2 allow remote attackers to hijack the authentication of users for requests that modify configuration via a SOAPAction parameter of (1) urn:SetOptions for autostart, (2) urn:SetDesktopSync for file upload, or (3) urn:SetFolderConfig for file download location or modification of authentication credentials; and (4) urn:AddNetwork for adding an arbitrary Service Set Identifier (SSID) to hijack the image upload.
Max CVSS
6.8
EPSS Score
0.78%
Published
2009-09-01
Updated
2018-10-11
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close