Vulnerability Details CVE-2016-6548
The Zizai Tech Nut mobile app makes requests via HTTP instead of HTTPS. These requests contain the user's authenticated session token with the URL. An attacker can capture these requests and reuse the session token to gain full access the user's account.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.024
EPSS Ranking 84.5%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 5.0
References
- https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/
- https://www.kb.cert.org/vuls/id/402847
- https://www.securityfocus.com/bid/93877
- https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/
- https://www.kb.cert.org/vuls/id/402847
- https://www.securityfocus.com/bid/93877
Products affected by CVE-2016-6548
-
cpe:2.3:a:nutspace:nut_mobile:-