CVE-2016-6548 - OpenCVE

The Zizai Tech Nut mobile app makes requests via HTTP instead of HTTPS. These requests contain the user's authenticated session token with the URL. An attacker can capture these requests and reuse the session token to gain full access the user's account.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Nutspace	Nut Mobile

Configuration 1 [-]

cpe:2.3:a:nutspace:nut_mobile:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/
https://www.kb.cert.org/vuls/id/402847
https://www.securityfocus.com/bid/93877

History

No history.

MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2018-07-13T20:00:00

Updated: 2024-08-06T01:36:27.302Z

Reserved: 2016-08-03T00:00:00

Link: CVE-2016-6548

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-07-13T20:29:00.503

Modified: 2019-10-09T23:19:14.237

Link: CVE-2016-6548

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Tech Nut Mobile Application", "vendor": "Zizai Technology", "versions": [{"status": "unknown", "version": "N/A"}]}], "credits": [{"lang": "en", "value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."}], "datePublic": "2016-10-25T00:00:00", "descriptions": [{"lang": "en", "value": "The Zizai Tech Nut mobile app makes requests via HTTP instead of HTTPS. These requests contain the user's authenticated session token with the URL. An attacker can capture these requests and reuse the session token to gain full access the user's account."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200: Information Exposure", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-07-13T19:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "93877", "tags": ["vdb-entry", "x_refsource_BID"], "url": "https://www.securityfocus.com/bid/93877"}, {"tags": ["x_refsource_MISC"], "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"}, {"name": "VU#402847", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "https://www.kb.cert.org/vuls/id/402847"}], "source": {"discovery": "UNKNOWN"}, "title": "Zizai Tech Nut mobile application makes requests using HTTP, which includes the users session token", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2016-6548", "STATE": "PUBLIC", "TITLE": "Zizai Tech Nut mobile application makes requests using HTTP, which includes the users session token"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Tech Nut Mobile Application", "version": {"version_data": [{"affected": "?", "version_affected": "?", "version_value": "N/A"}]}}]}, "vendor_name": "Zizai Technology"}]}}, "credit": [{"lang": "eng", "value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Zizai Tech Nut mobile app makes requests via HTTP instead of HTTPS. These requests contain the user's authenticated session token with the URL. An attacker can capture these requests and reuse the session token to gain full access the user's account."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-200: Information Exposure"}]}]}, "references": {"reference_data": [{"name": "93877", "refsource": "BID", "url": "https://www.securityfocus.com/bid/93877"}, {"name": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/", "refsource": "MISC", "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"}, {"name": "VU#402847", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/402847"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:36:27.302Z"}, "title": "CVE Program Container", "references": [{"name": "93877", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "https://www.securityfocus.com/bid/93877"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"}, {"name": "VU#402847", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "https://www.kb.cert.org/vuls/id/402847"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2016-6548", "datePublished": "2018-07-13T20:00:00", "dateReserved": "2016-08-03T00:00:00", "dateUpdated": "2024-08-06T01:36:27.302Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nutspace:nut_mobile:-:*:*:*:*:*:*:*", "matchCriteriaId": "8C9A2A31-4451-4912-BF48-0ABB3725B13C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Zizai Tech Nut mobile app makes requests via HTTP instead of HTTPS. These requests contain the user's authenticated session token with the URL. An attacker can capture these requests and reuse the session token to gain full access the user's account."}, {"lang": "es", "value": "La aplicaci\u00f3n m\u00f3vil de Zizai Tech Nut realiza peticiones mediante HTTP en lugar de HTTPS. Estas peticiones contienen el token de la sesi\u00f3n autenticada del usuario en la URL. Un atacante puede capturar estas peticiones y reutilizar el token de sesi\u00f3n para obtener acceso total a la cuenta del usuario."}], "id": "CVE-2016-6548", "lastModified": "2019-10-09T23:19:14.237", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-07-13T20:29:00.503", "references": [{"source": "cret@cert.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.kb.cert.org/vuls/id/402847"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.securityfocus.com/bid/93877"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "cret@cert.org", "type": "Secondary"}]}