MidnightBSD

Advisories for 7-eleven

CVE-2014-5883 MEDIUM

The 7-ELEVEN (aka ecowork.seven) application 2.08.000 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
7-eleven 7-eleven 2.08.000
CVE-2023-34761

An unauthenticated attacker within BLE proximity can remotely connect to a 7-Eleven LED Message Cup, Hello Cup 1.3.1 for Android, and bypass the application's client-side chat censor filter.

Products Affected

Vendor Product Version
7-eleven hello_cup 1.3.1