mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
119 lines
4.4 KiB
JSON
119 lines
4.4 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2025-2355",
|
|
"ASSIGNER": "cna@vuldb.com",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "A vulnerability was found in BlackVue App 3.65 on Android and classified as problematic. Affected by this issue is some unknown functionality of the component API Endpoint Handler. The manipulation of the argument BCS_TOKEN/SECRET_KEY leads to unprotected storage of credentials. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
|
|
},
|
|
{
|
|
"lang": "deu",
|
|
"value": "Eine Schwachstelle wurde in BlackVue App 3.65 f\u00fcr Android gefunden. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Komponente API Endpoint Handler. Mittels Manipulieren des Arguments BCS_TOKEN/SECRET_KEY mit unbekannten Daten kann eine unprotected storage of credentials-Schwachstelle ausgenutzt werden. Der Angriff muss lokal passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Unprotected Storage of Credentials",
|
|
"cweId": "CWE-256"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Credentials Management",
|
|
"cweId": "CWE-255"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "BlackVue",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "App",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "3.65"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://vuldb.com/?id.299822",
|
|
"refsource": "MISC",
|
|
"name": "https://vuldb.com/?id.299822"
|
|
},
|
|
{
|
|
"url": "https://vuldb.com/?ctiid.299822",
|
|
"refsource": "MISC",
|
|
"name": "https://vuldb.com/?ctiid.299822"
|
|
},
|
|
{
|
|
"url": "https://vuldb.com/?submit.513351",
|
|
"refsource": "MISC",
|
|
"name": "https://vuldb.com/?submit.513351"
|
|
},
|
|
{
|
|
"url": "https://github.com/geo-chen/BlackVue/blob/main/README.md#finding-2-hardcoded-secrets-exposed-in-plaintext",
|
|
"refsource": "MISC",
|
|
"name": "https://github.com/geo-chen/BlackVue/blob/main/README.md#finding-2-hardcoded-secrets-exposed-in-plaintext"
|
|
}
|
|
]
|
|
},
|
|
"credits": [
|
|
{
|
|
"lang": "en",
|
|
"value": "geochen (VulDB User)"
|
|
}
|
|
],
|
|
"impact": {
|
|
"cvss": [
|
|
{
|
|
"version": "3.1",
|
|
"baseScore": 3.3,
|
|
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
|
|
"baseSeverity": "LOW"
|
|
},
|
|
{
|
|
"version": "3.0",
|
|
"baseScore": 3.3,
|
|
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
|
|
"baseSeverity": "LOW"
|
|
},
|
|
{
|
|
"version": "2.0",
|
|
"baseScore": 1.7,
|
|
"vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N"
|
|
}
|
|
]
|
|
}
|
|
} |