CVE-2024-48541

Sažetak

Incorrect access control in the firmware update and download processes of Ruochan Smart v4.4.7 allows attackers to access sensitive information by analyzing the code and data within the APK file.

Reference

http://www.ruochanit.com/
https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.ruochan.dabai/com.ruochan.dabai.md

CVSS

Base:	8.4
Impact:	5.9
Exploitability:	2.5

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

25-10-2024 - 12:56

Objavljeno

24-10-2024 - 17:15