Pal Electronics Systems · PalGate · CVE-2022-36782
**Name of the Vulnerable Software and Affected Versions**
Pal Electronics Systems (affected versions not specified)
**Description**
The issue is an authorization problem in the PalGate device management Android client app, affecting gates of buildings and parking lots that are controlled by a simple button on any smartphone. An attacker can iterate over all IoT devices to see every entry and exit on every gate and device worldwide. They can also scrape the server to build a user database with the full names and phone numbers of over 2.8 million users, and track users' movements in and out of gates, even in real time. The API was discovered by decompiling the app and performing static analysis with Jadx, and dynamic analysis with Frida.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.