PT-2022-22877 · Unknown · Blink1Control2

P1Ckzi

·

Published

2022-09-07

·

Updated

2023-08-08

·

CVE-2022-35513

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Blink1Control2 versions prior to 2.2.9
Description The issue concerns the use of weak password encryption and an insecure method of storage in the Blink1Control2 application.
Recommendations For versions prior to 2.2.9, update to version 2.2.9 to resolve the issue.

Exploit

Fix

Use of a Broken Cryptographic Algorithm

Inadequate Encryption Strength

Insecure Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-327CWE-326CWE-922

Related Identifiers

CVE-2022-35513
GHSA-JQHQ-PFG3-FG5P

Affected Products

Blink1Control2