CVE-2026-3822

EPSS 0.01%
Veröffentlicht 09.03.2026 04:16:10
Zuletzt bearbeitet 11.03.2026 07:16:51
Quelle twcert@cert.org.tw
CVE-Watchlists
Login
Unerledigt
Login

Taipower APP for Andorid developed by Taipower has an Improper Certificate Validation vulnerability. When establishing an HTTPS connection with the server, the application fails to verify the server-side TLS/SSL certificate. This flaw allows an unauthenticated remote attackers to exploit the vulnerability to perform a Man-in-the-Middle (MITM) attack to read and tamper with network packets.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Taipower ≫ Taipower App Version <= 3.4.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.007

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.8	2.2	2.5	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
twcert@cert.org.tw	8.3	0	0	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
twcert@cert.org.tw	6.5	2.2	4.2	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

https://www.twcert.org.tw/en/cp-139-10751-23871-2.html

Third Party Advisory

https://www.twcert.org.tw/tw/cp-132-10750-3735f-1.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-3822

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-3822

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-3822

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-3822