CVE-2025-3329

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-3329
A vulnerability classified as problematic has been found in Consumer Comanda Mobile up to 14.9.3.2/15.0.0.8. This affects an unknown part of the component Restaurant Order Handler. The manipulation of the argument Login/Password leads to cleartext transmission of sensitive information. The attack can only be initiated within the local network. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.

3.1 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 1.4

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

1.8 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:A/AC:H/Au:N/C:P/I:N/A:N

Exploitability : 3.2 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
https://medium.com/@davimouar/from-order-to-exploit-a-deep-dive-into-restaurant-network-security-64aeaf3a6f64 Exploit
https://vuldb.com/?ctiid.303543 Permissions Required VDB Entry
https://vuldb.com/?id.303543 Third Party Advisory VDB Entry
https://vuldb.com/?submit.551790 Third Party Advisory VDB Entry
https://medium.com/@davimouar/from-order-to-exploit-a-deep-dive-into-restaurant-network-security-64aeaf3a6f64 Exploit
https://vuldb.com/?submit.551790 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:consumer:comanda_mobile:*:*:*:*:*:*:*:*
History

08 Apr 2025, 18:55

Type Values Removed Values Added
First Time Consumer
Consumer comanda Mobile
CPE cpe:2.3:a:consumer:comanda_mobile:*:*:*:*:*:*:*:*
References () https://medium.com/@davimouar/from-order-to-exploit-a-deep-dive-into-restaurant-network-security-64aeaf3a6f64 - () https://medium.com/@davimouar/from-order-to-exploit-a-deep-dive-into-restaurant-network-security-64aeaf3a6f64 - Exploit
References () https://vuldb.com/?ctiid.303543 - () https://vuldb.com/?ctiid.303543 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.303543 - () https://vuldb.com/?id.303543 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.551790 - () https://vuldb.com/?submit.551790 - Third Party Advisory, VDB Entry

07 Apr 2025, 14:17

Type Values Removed Values Added
Summary
  • (es) Se ha detectado una vulnerabilidad clasificada como problemática en Consumer Comanda Mobile (hasta la versión 14.9.3.2/15.0.0.8). Esta vulnerabilidad afecta a una parte desconocida del componente Restaurant Order Handler. La manipulación del argumento "Inicio de sesión/Contraseña" provoca la transmisión de información confidencial en texto plano. El ataque solo puede iniciarse dentro de la red local. Es un ataque de complejidad bastante alta. Parece difícil de explotar. Se ha hecho público el exploit y puede que sea utilizado.
References () https://medium.com/@davimouar/from-order-to-exploit-a-deep-dive-into-restaurant-network-security-64aeaf3a6f64 - () https://medium.com/@davimouar/from-order-to-exploit-a-deep-dive-into-restaurant-network-security-64aeaf3a6f64 -
References () https://vuldb.com/?submit.551790 - () https://vuldb.com/?submit.551790 -

07 Apr 2025, 01:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-04-07 01:15

Updated : 2025-04-08 18:55

NVD link : CVE-2025-3329

Mitre link : CVE-2025-3329

CVE.ORG link : CVE-2025-3329

JSON object : View

Products Affected

consumer

  • comanda_mobile
CWE
CWE-310

Cryptographic Issues

CWE-319

Cleartext Transmission of Sensitive Information