CVE-2021-24046
14.01.2022, 18:15
A logic flaw in Ray-Ban Stories device software allowed some parameters like video capture duration limit to be modified through the Facebook View application. This issue affected versions of device software before 2107460.6810.0.
| Vendor | Product | Version |
|---|---|---|
| ray-ban | stories_rw4003_65582v_48-23_firmware | 𝑥 < 2107460.6810.0 |
| ray-ban | stories_rw4002_601\/71_50-22_firmware | 𝑥 < 2107460.6810.0 |
| ray-ban | stories_rw4005_656013_51-20_firmware | 𝑥 < 2107460.6810.0 |
| ray-ban | stories_rw4005_6563m3_51-20_firmware | 𝑥 < 2107460.6810.0. |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-471 - Modification of Assumed-Immutable Data (MAID)The software does not properly protect an assumed-immutable element from being modified by an attacker.
- CWE-425 - Direct Request ('Forced Browsing')The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.