mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-12 05:11:38 +02:00
0xMarcio
843 B
843 B
CVE-2023-23302
Description
The Toybox.GenericChannel.setDeviceConfig API method in CIQ API version 1.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with specially crafted object and hijack the execution of the device's firmware.
POC
Reference
Github
No PoCs found on GitHub currently.