Lucene search

TR-CERTVULNRICHMENT:CVE-2024-1662

HistoryJun 05, 2024 - 11:51 a.m.

CVE-2024-1662 Information Disclosure in Porty's PowerBank

2024-06-0511:51:51

CWE-200

TR-CERT

github.com

cve-2024-1662

information disclosure

porty

powerbank

sensitive data

unauthorized actor

vulnerability

smart tech technology

application

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.3%

JSON

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PORTY Smart Tech Technology Joint Stock Company PowerBank Application allows Retrieve Embedded Sensitive Data.This issue affects PowerBank Application: before 2.02.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "PowerBank Application",
    "vendor": "PORTY Smart Tech Technology Joint Stock Company",
    "versions": [
      {
        "lessThan": "2.02",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.usom.gov.tr/bildirim/tr-24-0602

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.3%

JSON

Related for VULNRICHMENT:CVE-2024-1662