CVE-2022-45636

Name of the Vulnerable Software and Affected Versions MEGAFEIS, BOFEI DBD+ Application for IOS & Android version 1.4.4

Description An issue in the MEGAFEIS, BOFEI DBD+ Application allows an attacker to unlock models without authorization via arbitrary API requests.

Recommendations For version 1.4.4, consider restricting access to API endpoints that handle model unlocking until a patch is available. As a temporary workaround, avoid using the application for model unlocking until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.