Today > | 1 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-42496

Sept. 30, 2024, 12:45 p.m.

CVSS Score

2.4 / 10

Product(s) Impacted

Smart-tab Android app

  • April 2023 or earlier

Description

Smart-tab Android app installed April 2023 or earlier contains an issue with plaintext storage of a password. If this vulnerability is exploited, an attacker with physical access to the device may retrieve the credential information and spoof the device to access the related external service.

Weaknesses

CWE-256
Plaintext Storage of a Password

Storing a password in plaintext may result in a system compromise.

CWE ID: 256

Date

Published: Sept. 30, 2024, 8:15 a.m.

Last Modified: Sept. 30, 2024, 12:45 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

vultures@jpcert.or.jp

CVSS Data

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

Base Score
2.4
Exploitability Score
0.9
Impact Score
1.4
Base Severity
LOW
CVSS Vector String

The CVSS vector string provides an in-depth view of the vulnerability metrics.

View Vector String

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References

https://jvn.jp/ vultures@jpcert.or.jp

https://tsc-soft.co.jp/ vultures@jpcert.or.jp