18 matches found
EUVD-2016-7468
Malware in sbrugna...
EUVD-2016-7469
Malware in sbrugna...
EUVD-2016-7470
Malware in sbrugna...
CVE-2016-6548
The Zizai Tech Nut mobile app makes requests via HTTP instead of HTTPS. These requests contain the user's authenticated session token with the URL. An attacker can capture these requests and reuse the session token to gain full access the user's account...
Code injection
The Zizai Tech Nut device allows unauthenticated Bluetooth pairing, which enables unauthenticated connected applications to write data to the device name attribute...
Design/Logic Flaw
The Zizai Tech Nut mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file...
CVE-2016-6549
The Zizai Tech Nut device allows unauthenticated Bluetooth pairing, which enables unauthenticated connected applications to write data to the device name attribute...
CVE-2016-6547
The Zizai Tech Nut mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file...
Design/Logic Flaw
The Zizai Tech Nut mobile app makes requests via HTTP instead of HTTPS. These requests contain the user's authenticated session token with the URL. An attacker can capture these requests and reuse the session token to gain full access the user's account...
CVE-2016-6548 Zizai Tech Nut mobile application makes requests using HTTP, which includes the users session token
The Zizai Tech Nut mobile app makes requests via HTTP instead of HTTPS. These requests contain the user's authenticated session token with the URL. An attacker can capture these requests and reuse the session token to gain full access the user's account...
CVE-2016-6547 Zizai Tech Nut stores the account password in cleartext
The Zizai Tech Nut mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file...
CVE-2016-6549 Zizai Tech Nut allows for unauthenticated Bluetooth pairing
The Zizai Tech Nut device allows unauthenticated Bluetooth pairing, which enables unauthenticated connected applications to write data to the device name attribute...
CVE-2016-6548
The CVE-2016-6548 entry concerns the Zizai Tech Nut mobile app, where HTTP requests leak the user’s authenticated session token in the URL. This exposes the session token to network-level observers, enabling potential account takeover since the token can be reused to access the user’s account. Th...
CVE-2016-6549
The CVE-2016-6549 entry concerns the Zizai Tech Nut device, where unauthenticated Bluetooth pairing enables unauthenticated connected applications to write data to the device name attribute. Affected component is the Nut device’s Bluetooth pairing/authentication logic, with impact limited to mani...
CVE-2016-6547
The CVE-2016-6547 issue affects the Zizai Tech Nut mobile app, where the account password used to authenticate to the cloud API is stored in cleartext in the cache.db file. This creates a local information exposure risk, enabling a user with access to the device to retrieve sensitive credentials....
Zizai Tech Nut Plaintext Password Vulnerability
Zizai Tech Nut is a Nut smart finder and anti-loss patch product from China's Zizai Tech. Zizai Tech Nut stores passwords in plaintext. A remote attacker could exploit this vulnerability to track a user's location...
Zizai Tech Nut Design Vulnerability
Zizai Tech Nut is a Nut smart finder and anti-loss patch product from China's Zizai Tech. Zizai Tech Nut allows unauthorized pairing of Bluetooth devices, which can be exploited by a remote attacker to submit a special request to write data to the device name attribute...
Zizai Tech Nut contains multiple vulnerabilities
Overview Zizai Tech Nut contains multiple vulnerabilities including sensitive information exposure and missing authentication. Description CWE-313: Cleartext Storage in a File or on Disk - CVE-2016-6547The Nut mobile app stores the account password used to authenticate to the cloud API in...