4.7

CVE-2024-10748

Exploit

Cosmote Greece What's Up App Realm Database RealmDB.java default key

A vulnerability, which was classified as problematic, has been found in Cosmote Greece What's Up App 4.47.3 on Android. This issue affects some unknown processing of the file gr/desquared/kmmsharedmodule/db/RealmDB.java of the component Realm Database Handler. The manipulation of the argument defaultRealmKey leads to use of default cryptographic key. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CosmoteWhat's Up Version4.47.3 SwPlatformandroid
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.26% 0.175
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.7 1 3.6
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
cna@vuldb.com 2 0 0
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com 2.5 1 1.4
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
cna@vuldb.com 1 1.5 2.9
AV:L/AC:H/Au:S/C:P/I:N/A:N
CWE-1394 Use of Default Cryptographic Key

The product uses a default cryptographic key for potentially critical functionality.

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://github.com/secuserx/CVE/blob/main/%5BHardcoded%20Realm%20Database%20Encryption%20Key%5D%20found%20in%20What's%20UP%20Android%20App%204.47.3%20-%20(RealmDB.java).md
Third Party Advisory
Exploit
https://vuldb.com/?ctiid.282917
VDB Entry
Permissions Required
https://vuldb.com/?id.282917
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.432429
Third Party Advisory
Exploit
VDB Entry