Description
The APK file in Cloud Smart Lock v2.0.1 contains a leaked URL that can call an API for binding physical devices. This vulnerability allows attackers to arbitrarily construct a request to use the app to bind to unknown devices by finding a valid serial number via a brute-force attack.
EPSS
Percentile: 13%
0.00042
Low
9.3 Critical
CVSS3
Weaknesses
CWE-863
Related vulnerabilities
CVSS3: 9.3
github
more than 1 year ago
The APK file in Cloud Smart Lock v2.0.1 contains a leaked URL that can call an API for binding physical devices. This vulnerability allows attackers to arbitrarily construct a request to use the app to bind to unknown devices by finding a valid serial number via a brute-force attack.