3 matches found
CVE-2016-6547
The CVE-2016-6547 issue affects the Zizai Tech Nut mobile app, where the account password used to authenticate to the cloud API is stored in cleartext in the cache.db file. This creates a local information exposure risk, enabling a user with access to the device to retrieve sensitive credentials....
CVE-2016-6549
The CVE-2016-6549 entry concerns the Zizai Tech Nut device, where unauthenticated Bluetooth pairing enables unauthenticated connected applications to write data to the device name attribute. Affected component is the Nut device’s Bluetooth pairing/authentication logic, with impact limited to mani...
CVE-2016-6548
The CVE-2016-6548 entry concerns the Zizai Tech Nut mobile app, where HTTP requests leak the user’s authenticated session token in the URL. This exposes the session token to network-level observers, enabling potential account takeover since the token can be reused to access the user’s account. Th...