Vulnerability Details CVE-2016-6547
The Zizai Tech Nut mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 24.6%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 2.1
References
- https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/
- https://www.kb.cert.org/vuls/id/402847
- https://www.securityfocus.com/bid/93877
- https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/
- https://www.kb.cert.org/vuls/id/402847
- https://www.securityfocus.com/bid/93877
Products affected by CVE-2016-6547
-
cpe:2.3:a:nutspace:nut_mobile:-