Описание
The vulnerability allows an unprivileged (untrusted) third- party application to arbitrary modify the server settings of the Android Client application, inducing it to connect to an attacker - controlled malicious server.This is possible by forging a valid broadcast intent encrypted with a hardcoded RSA key pair
Ссылки
- MitigationVendor Advisory
- MitigationVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2107_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2110_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*
Конфигурация 3
Одновременно
cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2115_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*
EPSS
Процентиль: 22%
0.00073
Низкий
7.8 High
CVSS3
Дефекты
CWE-798
CWE-798
Связанные уязвимости
CVSS3: 7.8
github
больше 2 лет назад
The vulnerability allows an unprivileged (untrusted) third- party application to arbitrary modify the server settings of the Android Client application, inducing it to connect to an attacker - controlled malicious server.This is possible by forging a valid broadcast intent encrypted with a hardcoded RSA key pair
EPSS
Процентиль: 22%
0.00073
Низкий
7.8 High
CVSS3
Дефекты
CWE-798
CWE-798