CVE-2018-16222

Опубликовано: 20 нояб. 2018

Источник: nvd

CVSS3: 6.8

CVSS2: 2.1

EPSS Низкий

Описание

Cleartext Storage of credentials in the iSmartAlarmData.xml configuration file in the iSmartAlarm application through 2.0.8 for Android allows an attacker to retrieve the username and password.

Ссылки

http://packetstormsecurity.com/files/150165/QBee-Camera-iSmartAlarm-Credential-Disclosure.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2018/Nov/2
Mailing List
Third Party Advisory
http://packetstormsecurity.com/files/150165/QBee-Camera-iSmartAlarm-Credential-Disclosure.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2018/Nov/2
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ismartalarm:ismartalarm:*:*:*:*:*:android:*:*

Версия до 2.0.8 (включая)

EPSS

Процентиль: 23%

0.00077

Низкий

6.8 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-522

Связанные уязвимости

GHSA-xc2g-257m-xh8v