Open
Description
{
"id": 38,
"title": "RVD#38: App-to-Server Missing Encryption",
"type": "vulnerability",
"description": "The Alpha 1S android application does not verify any cryptographic signature when downloading and installing the APK update into the mobile device. Furthermore, due to \"App-to-Server Missing Encryption\" it is possible to perform a man-in-the-middle attack in order to change the APK URL and install a customized malware on the device. Credits to: Cesar Cerrudo and Lucas Apa from IOActive",
"cwe": "CWE-Missing Encryption of Sensitive Data (CWE-311)",
"cve": "None",
"keywords": [
"components hardware",
"robot component: Alpha 1S android application",
"severity: high",
"state: new",
"vendor: UBTech Robotics",
"vulnerability"
],
"system": "Alpha 1S android application",
"vendor": "UBTech Robotics",
"severity": {
"rvss-score": "None",
"rvss-vector": "RVSS:1.0/AV:L/AC:L/PR:N/UI:R/Y:T/S:C/C:H/I:H/A:N/H:H",
"severity-description": "",
"cvss-score": 0,
"cvss-vector": ""
},
"links": [
"https://github.com/aliasrobotics/RVD/issues/38"
],
"flaw": {
"phase": "unknown",
"specificity": "N/A",
"architectural-location": "N/A",
"application": "N/A",
"subsystem": "N/A",
"package": "N/A",
"languages": "None",
"date-detected": "2017-03-01",
"detected-by": "",
"detected-by-method": "N/A",
"date-reported": "2017-03-01",
"reported-by": "",
"reported-by-relationship": "N/A",
"issue": "https://github.com/aliasrobotics/RVD/issues/38",
"reproducibility": "",
"trace": null,
"reproduction": "",
"reproduction-image": ""
},
"exploitation": {
"description": "",
"exploitation-image": "",
"exploitation-vector": ""
},
"mitigation": {
"description": "",
"pull-request": "",
"date-mitigation": null
}
}