CVE-2021-24046
EUVD-2021-1096214.01.2022, 18:15
A logic flaw in Ray-BanĀ® Stories device software allowed some parameters like video capture duration limit to be modified through the Facebook View application. This issue affected versions of device software before 2107460.6810.0.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| ray-ban | stories_rw4003_65582v_48-23_firmware | 𝑥 < 2107460.6810.0 |
| ray-ban | stories_rw4002_601\/71_50-22_firmware | 𝑥 < 2107460.6810.0 |
| ray-ban | stories_rw4005_656013_51-20_firmware | 𝑥 < 2107460.6810.0 |
| ray-ban | stories_rw4005_6563m3_51-20_firmware | 𝑥 < 2107460.6810.0. |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-471 - Modification of Assumed-Immutable Data (MAID)The software does not properly protect an assumed-immutable element from being modified by an attacker.
- CWE-425 - Direct Request ('Forced Browsing')The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.