CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2016-5648

Acer Portal app before 3.9.4.2000 for Android does not properly validate SSL certificates, which allows remote attackers to perform a Man-in-the-middle attack via a crafted SSL certificate.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.014

EPSS Ranking 79.4%

CVSS Severity

CVSS v3 Score 5.3

CVSS v2 Score 4.3

References

http://packetstormsecurity.com/files/137775/Acer-Portal-Android-Application-3.9.3.2006-Man-In-The-Middle.html
http://seclists.org/fulldisclosure/2016/Jul/17
http://www.securityfocus.com/archive/1/538851/100/0/threaded
https://www.kb.cert.org/vuls/id/690343
http://packetstormsecurity.com/files/137775/Acer-Portal-Android-Application-3.9.3.2006-Man-In-The-Middle.html
http://seclists.org/fulldisclosure/2016/Jul/17
http://www.securityfocus.com/archive/1/538851/100/0/threaded
https://www.kb.cert.org/vuls/id/690343

Products affected by CVE-2016-5648

Acer » Acer Portal » Version: 3.9.3.2006

cpe:2.3:a:acer:acer_portal:3.9.3.2006

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-5648

Products

Pricing

Contact Us