📦 Xtool Anyscan

This vulnerability allows remote code execution on Android devices running Xtooltech Xtool AnyScan app versions 4.40.40 and earlier. An attacker who can intercept or manipulate update traffic can serv...

The Xtooltech Xtool AnyScan Android application version 4.40.40 has a missing authentication vulnerability in its update server endpoint. This allows unauthenticated remote attackers to download offic...

The Xtooltech Xtool AnyScan Android application fails to validate TLS certificates, allowing attackers on the same network to perform man-in-the-middle attacks. This vulnerability enables interception...

The Xtooltech Xtool AnyScan Android application uses hardcoded cryptographic keys to decrypt update metadata, allowing attackers who intercept network traffic to manipulate update manifests and redire...