Description
Taipower APP for Android developed by Taipower has an Improper Certificate Validation vulnerability. When establishing an HTTPS connection with the server, the application fails to verify the server-side TLS/SSL certificate. This flaw allows unauthenticated remote attackers to perform a Man-in-the-Middle (MITM) attack to read and tamper with network packets.
Published: 2026-03-09
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: Man‑in‑the‑Middle via improper certificate validation
Action: Immediate Patch
AI Analysis

Impact

Taipower APP for Android fails to verify the server’s TLS/SSL certificate when establishing an HTTPS connection. This Improper Certificate Validation flaw (CWE‑295) allows an unauthenticated remote attacker to intercept, read, or modify the data traffic between the mobile device and the Taipower server, compromising both confidentiality and integrity of the transmitted information.

Affected Systems

The vulnerability affects Taipower’s mobile application for Android devices. Versions prior to 3.4.5 are vulnerable; the vendor recommends updating to version 3.4.5 or later.

Risk and Exploitability

The CVSS v4.0 score of 8.3 identifies a high severity vulnerability. The EPSS score of less than 1% suggests the likelihood of exploitation is low, and the flaw is not listed in the CISA KEV catalog. The attack vector is inferred to be remote: an unauthenticated attacker able to perform a Man‑in‑the‑Middle attack on an HTTPS session, potentially on the same network or via compromised servers.

Generated by OpenCVE AI on April 16, 2026 at 04:00 UTC.

Remediation

Vendor Solution

Please update to version 3.4.5 or later.


OpenCVE Recommended Actions

  • Update the Taipower APP to version 3.4.5 or newer as per the vendor’s official patch.
  • If an immediate update is not feasible, disable or uninstall the vulnerable app until the update is applied, and apply network monitoring to detect suspicious certificate changes or MITM attempts.
  • For custom or internal builds of the app, enforce strict TLS validation or implement certificate pinning to prevent acceptance of untrusted certificates.



Advisories

No advisories yet.

History

Wed, 11 Mar 2026 07:00:00 +0000

Type: Description
Values Removed: Taipower APP developed by Taipower has an Improper Certificate Validation vulnerability. When establishing an HTTPS connection with the server, the application fails to verify the server-side TLS/SSL certificate. This flaw allows unauthenticated remote attackers to perform a Man-in-the-Middle (MITM) attack to read and tamper with network packets.
Values Added: Taipower APP for Android developed by Taipower has an Improper Certificate Validation vulnerability. When establishing an HTTPS connection with the server, the application fails to verify the server-side TLS/SSL certificate. This flaw allows unauthenticated remote attackers to perform a Man-in-the-Middle (MITM) attack to read and tamper with network packets.

Type: Title
Values Removed: Taipower|Taipower APP - Improper Certificate Validation
Values Added: Taipower|Taipower APP(Android) - Improper Certificate Validation

Type: CPEs
Values Added: cpe:2.3:a:taipower:taipower_app:*:*:android:*:*:*:*:*

Mon, 09 Mar 2026 21:15:00 +0000

Type: Metrics
Values Added:
  ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 09 Mar 2026 04:15:00 +0000

Type: Description
Values Added: Taipower APP developed by Taipower has an Improper Certificate Validation vulnerability. When establishing an HTTPS connection with the server, the application fails to verify the server-side TLS/SSL certificate. This flaw allows unauthenticated remote attackers to perform a Man-in-the-Middle (MITM) attack to read and tamper with network packets.

Type: Title
Values Added: Taipower|Taipower APP - Improper Certificate Validation

Type: First Time appeared
Values Added:
  Taipower
  Taipower taipower App

Type: Weaknesses
Values Added: CWE-295

Type: CPEs
Values Added: cpe:2.3:a:taipower:taipower_app:*:*:*:*:*:*:*:*

Type: Vendors & Products
Values Added:
  Taipower
  Taipower taipower App

Type: References

Type: Metrics
Values Added:
  cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N'}
  cvssV4_0: {'score': 8.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: twcert

Published:

Updated: 2026-03-11T06:49:32.983Z

Reserved: 2026-03-09T03:01:54.726Z

Link: CVE-2026-3822

Vulnrichment

Updated: 2026-03-09T20:53:49.021Z

NVD

Status : Modified

Published: 2026-03-09T04:16:10.173

Modified: 2026-03-11T07:16:51.220

Link: CVE-2026-3822

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T04:15:24Z

Weaknesses