10
CVE-2019-9493
- EPSS 3.57%
- Veröffentlicht 15.01.2020 17:15:14
- Zuletzt bearbeitet 21.11.2024 04:51:43
- Quelle cret@cert.org
- CVE-Watchlists
- Unerledigt
LoginMyCar Controls uses hard-coded credentials
The MyCar Controls of AutoMobility Distribution Inc., mobile application contains hard-coded admin credentials. A remote unauthenticated attacker may be able to send commands to and retrieve data from a target MyCar unit. This may allow the attacker to learn the location of a target, or gain unauthorized physical access to a vehicle. This issue affects AutoMobility MyCar versions prior to 3.4.24 on iOS and versions prior to 4.1.2 on Android. This issue has additionally been fixed in Carlink, Link, Visions MyCar, and MyCar Kia.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mycarcontrols ≫ Mycar Controls SwPlatformiphone_os Version < 3.4.24
Mycarcontrols ≫ Mycar Controls SwPlatformandroid Version < 4.1.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.57% | 0.879 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
| cret@cert.org | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
|
CWE-798 Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.
https://itunes.apple.com/us/app/mycar-controls/id1126511815
https://mycarcontrols.com/
https://play.google.com/store/apps/details?id=app.com.automobility.mycar.control
https://www.kb.cert.org/vuls/id/174715/
https://www.securityfocus.com/bid/107827