CVE-2012-3887

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2012-3887
AirDroid before 1.0.7 beta uses a cleartext base64 format for data transfer that is documented as an "Encrypted Transmission" feature, which allows remote attackers to obtain sensitive information by sniffing the local wireless network, as demonstrated by the SMS message content sent to the sdctl/sms/send/single/ URI.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://archives.neohapsis.com/archives/bugtraq/2012-07/0087.html Exploit
http://www.tele-consulting.com/advisories/TC-SA-2012-02.txt Exploit
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:airdroid:airdroid:*:beta:*:*:*:*:*:*
cpe:2.3:a:airdroid:airdroid:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:airdroid:airdroid:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:airdroid:airdroid:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:airdroid:airdroid:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:airdroid:airdroid:1.0.4:beta:*:*:*:*:*:*
cpe:2.3:a:airdroid:airdroid:1.0.5:*:*:*:*:*:*:*
History

No history.

Information

Published : 2012-07-26 22:55

Updated : 2024-02-04 18:16

NVD link : CVE-2012-3887

Mitre link : CVE-2012-3887

CVE.ORG link : CVE-2012-3887

JSON object : View

Products Affected

airdroid

  • airdroid
CWE
CWE-310

Cryptographic Issues