Abdullah Ansari

**Name of the Vulnerable Software and Affected Versions** MEGAFEIS, BOFEI DBD+ Application for IOS & Android version 1.4.4 **Description** An issue in the MEGAFEIS, BOFEI DBD+ Application allows an authenticated attacker to gain access to sensitive account information. **Recommendations** For version 1.4.4, consider restricting access to sensitive account information until a patch is available. As a temporary workaround, limit the privileges of authenticated attackers to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MEGAFEIS, BOFEI DBD+ Application for IOS & Android version 1.4.4 **Description** An issue in the MEGAFEIS, BOFEI DBD+ Application allows an attacker to unlock models without authorization via arbitrary API requests. **Recommendations** For version 1.4.4, consider restricting access to API endpoints that handle model unlocking until a patch is available. As a temporary workaround, avoid using the application for model unlocking until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.