CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile: 51.4%
“Hulu / フールー” App for Android provided by HJ Holdings, Inc. uses a hard-coded API key for an external service (CWE-798).
The hard-coded API key may be retrieved by reverse-engineering the application binary.
Note that users of the application are not directly affected by this vulnerability.
The developer revoked the hard-coded API key on June 7, 2022, and this vulnerability is no longer exploitable.
The developer has released “Hulu / フールー” App for Android version 3.1.2 without any API key hard-coded.