Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for Tech Nut Mobile Application by Zizai Technology

    CVE-2016-6548 (GCVE-0-2016-6548)

    Vulnerability from nvd – Published: 2018-07-13 20:00 – Updated: 2024-08-06 01:36
    VLAI
    Title
    Zizai Tech Nut mobile application makes requests using HTTP, which includes the users session token
    Summary
    The Zizai Tech Nut mobile app makes requests via HTTP instead of HTTPS. These requests contain the user's authenticated session token with the URL. An attacker can capture these requests and reuse the session token to gain full access the user's account.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    URL Tags
    https://www.securityfocus.com/bid/93877 vdb-entryx_refsource_BID
    https://blog.rapid7.com/2016/10/25/multiple-bluet… x_refsource_MISC
    https://www.kb.cert.org/vuls/id/402847 third-party-advisoryx_refsource_CERT-VN
    Impacted products
    Date Public
    2016-10-25 00:00
    Credits
    Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:36:27.302Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "93877",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "https://www.securityfocus.com/bid/93877"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
              },
              {
                "name": "VU#402847",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/402847"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Tech Nut Mobile Application",
              "vendor": "Zizai Technology",
              "versions": [
                {
                  "status": "unknown",
                  "version": "N/A"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
            }
          ],
          "datePublic": "2016-10-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Zizai Tech Nut mobile app makes requests via HTTP instead of HTTPS. These requests contain the user\u0027s authenticated session token with the URL. An attacker can capture these requests and reuse the session token to gain full access the user\u0027s account."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Information Exposure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-13T19:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "93877",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "https://www.securityfocus.com/bid/93877"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
            },
            {
              "name": "VU#402847",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/402847"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zizai Tech Nut mobile application makes requests using HTTP, which includes the users session token",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2016-6548",
              "STATE": "PUBLIC",
              "TITLE": "Zizai Tech Nut mobile application makes requests using HTTP, which includes the users session token"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Tech Nut Mobile Application",
                          "version": {
                            "version_data": [
                              {
                                "affected": "?",
                                "version_affected": "?",
                                "version_value": "N/A"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Zizai Technology"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Zizai Tech Nut mobile app makes requests via HTTP instead of HTTPS. These requests contain the user\u0027s authenticated session token with the URL. An attacker can capture these requests and reuse the session token to gain full access the user\u0027s account."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-200: Information Exposure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "93877",
                  "refsource": "BID",
                  "url": "https://www.securityfocus.com/bid/93877"
                },
                {
                  "name": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/",
                  "refsource": "MISC",
                  "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
                },
                {
                  "name": "VU#402847",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/402847"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2016-6548",
        "datePublished": "2018-07-13T20:00:00.000Z",
        "dateReserved": "2016-08-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:36:27.302Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-6547 (GCVE-0-2016-6547)

    Vulnerability from nvd – Published: 2018-07-13 20:00 – Updated: 2024-08-06 01:36
    VLAI
    Title
    Zizai Tech Nut stores the account password in cleartext
    Summary
    The Zizai Tech Nut mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file.
    Severity
    No CVSS data available.
    CWE
    • CWE-313 - Cleartext Storage in a File or on Disk
    Assigner
    References
    URL Tags
    https://www.securityfocus.com/bid/93877 vdb-entryx_refsource_BID
    https://blog.rapid7.com/2016/10/25/multiple-bluet… x_refsource_MISC
    https://www.kb.cert.org/vuls/id/402847 third-party-advisoryx_refsource_CERT-VN
    Impacted products
    Date Public
    2016-10-25 00:00
    Credits
    Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:36:27.383Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "93877",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "https://www.securityfocus.com/bid/93877"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
              },
              {
                "name": "VU#402847",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/402847"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Tech Nut Mobile Application",
              "vendor": "Zizai Technology",
              "versions": [
                {
                  "status": "unknown",
                  "version": "N/A"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
            }
          ],
          "datePublic": "2016-10-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Zizai Tech Nut mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-313",
                  "description": "CWE-313: Cleartext Storage in a File or on Disk",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-13T19:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "93877",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "https://www.securityfocus.com/bid/93877"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
            },
            {
              "name": "VU#402847",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/402847"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zizai Tech Nut stores the account password in cleartext",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2016-6547",
              "STATE": "PUBLIC",
              "TITLE": "Zizai Tech Nut stores the account password in cleartext"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Tech Nut Mobile Application",
                          "version": {
                            "version_data": [
                              {
                                "affected": "?",
                                "version_affected": "?",
                                "version_value": "N/A"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Zizai Technology"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Zizai Tech Nut mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-313: Cleartext Storage in a File or on Disk"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "93877",
                  "refsource": "BID",
                  "url": "https://www.securityfocus.com/bid/93877"
                },
                {
                  "name": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/",
                  "refsource": "MISC",
                  "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
                },
                {
                  "name": "VU#402847",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/402847"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2016-6547",
        "datePublished": "2018-07-13T20:00:00.000Z",
        "dateReserved": "2016-08-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:36:27.383Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-6548 (GCVE-0-2016-6548)

    Vulnerability from cvelistv5 – Published: 2018-07-13 20:00 – Updated: 2024-08-06 01:36
    VLAI
    Title
    Zizai Tech Nut mobile application makes requests using HTTP, which includes the users session token
    Summary
    The Zizai Tech Nut mobile app makes requests via HTTP instead of HTTPS. These requests contain the user's authenticated session token with the URL. An attacker can capture these requests and reuse the session token to gain full access the user's account.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    URL Tags
    https://www.securityfocus.com/bid/93877 vdb-entryx_refsource_BID
    https://blog.rapid7.com/2016/10/25/multiple-bluet… x_refsource_MISC
    https://www.kb.cert.org/vuls/id/402847 third-party-advisoryx_refsource_CERT-VN
    Impacted products
    Date Public
    2016-10-25 00:00
    Credits
    Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:36:27.302Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "93877",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "https://www.securityfocus.com/bid/93877"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
              },
              {
                "name": "VU#402847",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/402847"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Tech Nut Mobile Application",
              "vendor": "Zizai Technology",
              "versions": [
                {
                  "status": "unknown",
                  "version": "N/A"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
            }
          ],
          "datePublic": "2016-10-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Zizai Tech Nut mobile app makes requests via HTTP instead of HTTPS. These requests contain the user\u0027s authenticated session token with the URL. An attacker can capture these requests and reuse the session token to gain full access the user\u0027s account."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Information Exposure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-13T19:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "93877",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "https://www.securityfocus.com/bid/93877"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
            },
            {
              "name": "VU#402847",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/402847"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zizai Tech Nut mobile application makes requests using HTTP, which includes the users session token",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2016-6548",
              "STATE": "PUBLIC",
              "TITLE": "Zizai Tech Nut mobile application makes requests using HTTP, which includes the users session token"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Tech Nut Mobile Application",
                          "version": {
                            "version_data": [
                              {
                                "affected": "?",
                                "version_affected": "?",
                                "version_value": "N/A"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Zizai Technology"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Zizai Tech Nut mobile app makes requests via HTTP instead of HTTPS. These requests contain the user\u0027s authenticated session token with the URL. An attacker can capture these requests and reuse the session token to gain full access the user\u0027s account."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-200: Information Exposure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "93877",
                  "refsource": "BID",
                  "url": "https://www.securityfocus.com/bid/93877"
                },
                {
                  "name": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/",
                  "refsource": "MISC",
                  "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
                },
                {
                  "name": "VU#402847",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/402847"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2016-6548",
        "datePublished": "2018-07-13T20:00:00.000Z",
        "dateReserved": "2016-08-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:36:27.302Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-6547 (GCVE-0-2016-6547)

    Vulnerability from cvelistv5 – Published: 2018-07-13 20:00 – Updated: 2024-08-06 01:36
    VLAI
    Title
    Zizai Tech Nut stores the account password in cleartext
    Summary
    The Zizai Tech Nut mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file.
    Severity
    No CVSS data available.
    CWE
    • CWE-313 - Cleartext Storage in a File or on Disk
    Assigner
    References
    URL Tags
    https://www.securityfocus.com/bid/93877 vdb-entryx_refsource_BID
    https://blog.rapid7.com/2016/10/25/multiple-bluet… x_refsource_MISC
    https://www.kb.cert.org/vuls/id/402847 third-party-advisoryx_refsource_CERT-VN
    Impacted products
    Date Public
    2016-10-25 00:00
    Credits
    Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:36:27.383Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "93877",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "https://www.securityfocus.com/bid/93877"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
              },
              {
                "name": "VU#402847",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/402847"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Tech Nut Mobile Application",
              "vendor": "Zizai Technology",
              "versions": [
                {
                  "status": "unknown",
                  "version": "N/A"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
            }
          ],
          "datePublic": "2016-10-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Zizai Tech Nut mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-313",
                  "description": "CWE-313: Cleartext Storage in a File or on Disk",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-13T19:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "93877",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "https://www.securityfocus.com/bid/93877"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
            },
            {
              "name": "VU#402847",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/402847"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zizai Tech Nut stores the account password in cleartext",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2016-6547",
              "STATE": "PUBLIC",
              "TITLE": "Zizai Tech Nut stores the account password in cleartext"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Tech Nut Mobile Application",
                          "version": {
                            "version_data": [
                              {
                                "affected": "?",
                                "version_affected": "?",
                                "version_value": "N/A"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Zizai Technology"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Zizai Tech Nut mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-313: Cleartext Storage in a File or on Disk"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "93877",
                  "refsource": "BID",
                  "url": "https://www.securityfocus.com/bid/93877"
                },
                {
                  "name": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/",
                  "refsource": "MISC",
                  "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
                },
                {
                  "name": "VU#402847",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/402847"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2016-6547",
        "datePublished": "2018-07-13T20:00:00.000Z",
        "dateReserved": "2016-08-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:36:27.383Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }