CVE-2024-35537

Exploit

EPSS 0.08%
Veröffentlicht 21.06.2024 17:15:10
Zuletzt bearbeitet 13.03.2025 15:15:44
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

TVS Motor Company Limited TVS Connect Android v4.6.0 and IOS v5.0.0 was discovered to insecurely handle the RSA key pair, allowing attackers to possibly access sensitive information via decryption.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Tvsmotor ≫ Tvs Connect Version4.6.0 SwPlatformandroid

Tvsmotor ≫ Tvs Connect Version5.0.0 SwPlatformiphone_os

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.24

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-327 Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

https://github.com/aaravavi/TVS-Connect-Application-VAPT

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-35537

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-35537

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-35537

EUVD