Search

Find a vulnerability

Search criteria

    3 vulnerabilities by mycarcontrols

    VAR-202001-0455

    Vulnerability from variot - Updated: 2025-01-30 21:03

    The MyCar Controls of AutoMobility Distribution Inc., mobile application contains hard-coded admin credentials. A remote unauthenticated attacker may be able to send commands to and retrieve data from a target MyCar unit. This may allow the attacker to learn the location of a target, or gain unauthorized physical access to a vehicle. This issue affects AutoMobility MyCar versions prior to 3.4.24 on iOS and versions prior to 4.1.2 on Android. This issue has additionally been fixed in Carlink, Link, Visions MyCar, and MyCar Kia. AutoMobility Distribution Inc Smartphone app " MyCar Controls Is a hard-coded management authentication information that can be used as an alternative to the username and password when the user communicates to the server endpoint (CWE-798) Exists.A remote unauthorized third party may send commands to or obtain data from the product. AutoMobility Distribution MyCar Controls is prone to a security-bypass vulnerability. Attackers can exploit this issue to gain unauthorized access to the affected device, obtain sensitive information, or bypass authentication mechanism and perform unauthorized actions. This may aid in further attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202001-0455",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mycar controls",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "mycarcontrols",
            "version": "3.4.24"
          },
          {
            "model": "mycar controls",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "mycarcontrols",
            "version": "4.1.2"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "automobility distribution",
            "version": null
          },
          {
            "model": "mycar controls",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "automobility distribution",
            "version": "android the app  v4.1.2 earlier"
          },
          {
            "model": "mycar controls",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "automobility distribution",
            "version": "ios the app  v3.4.24 earlier"
          },
          {
            "model": "distribution mycar controls for android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "automobility",
            "version": "4.0.12"
          },
          {
            "model": "distribution mycar controls for android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "automobility",
            "version": "3.4.29"
          },
          {
            "model": "distribution mycar controls for android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "automobility",
            "version": "3.3.22"
          },
          {
            "model": "distribution mycar controls",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "automobility",
            "version": "3.3.95"
          },
          {
            "model": "distribution mycar controls",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "automobility",
            "version": "3.3.56"
          },
          {
            "model": "distribution mycar controls",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "automobility",
            "version": "3.3.40"
          },
          {
            "model": "distribution mycar controls for android",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "automobility",
            "version": "4.1.2"
          },
          {
            "model": "distribution mycar controls",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "automobility",
            "version": "3.4.24"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#174715"
          },
          {
            "db": "BID",
            "id": "107827"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002558"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9493"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:misc:mycar_controls",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002558"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Jmaxxz",
        "sources": [
          {
            "db": "BID",
            "id": "107827"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-519"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2019-9493",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-9493",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "availabilityRequirement": "NOT DEFINED",
                "baseScore": 7.5,
                "collateralDamagePotential": "LOW",
                "confidentialityImpact": "PARTIAL",
                "confidentialityRequirement": "NOT DEFINED",
                "enviromentalScore": 1.6,
                "exploitability": "PROOF-OF-CONCEPT",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-9493",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "integrityRequirement": "NOT DEFINED",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "remediationLevel": "OFFICIAL FIX",
                "reportConfidence": "CONFIRMED",
                "severity": "HIGH",
                "targetDistribution": "LOW",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vector_string": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "JPCERT/CC",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-002558",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-9493",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cret@cert.org",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2019-9493",
                "impactScore": 3.6,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "JPCERT/CC",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-002558",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-9493",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "cret@cert.org",
                "id": "CVE-2019-9493",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-9493",
                "trust": 0.8,
                "value": "HIGH"
              },
              {
                "author": "JPCERT/CC",
                "id": "JVNDB-2019-002558",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201904-519",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-9493",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#174715"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-9493"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002558"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-519"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9493"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9493"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The MyCar Controls of AutoMobility Distribution Inc., mobile application contains hard-coded admin credentials. A remote unauthenticated attacker may be able to send commands to and retrieve data from a target MyCar unit. This may allow the attacker to learn the location of a target, or gain unauthorized physical access to a vehicle. This issue affects AutoMobility MyCar versions prior to 3.4.24 on iOS and versions prior to 4.1.2 on Android. This issue has additionally been fixed in Carlink, Link, Visions MyCar, and MyCar Kia. AutoMobility Distribution Inc Smartphone app \" MyCar Controls Is a hard-coded management authentication information that can be used as an alternative to the username and password when the user communicates to the server endpoint (CWE-798) Exists.A remote unauthorized third party may send commands to or obtain data from the product. AutoMobility Distribution MyCar Controls is prone to a security-bypass vulnerability. \nAttackers can exploit this issue to gain unauthorized access to the affected device, obtain sensitive information, or bypass authentication mechanism and perform unauthorized actions. This may aid in further attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-9493"
          },
          {
            "db": "CERT/CC",
            "id": "VU#174715"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002558"
          },
          {
            "db": "BID",
            "id": "107827"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-9493"
          }
        ],
        "trust": 2.7
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.kb.cert.org/vuls/id/174715",
            "trust": 0.8,
            "type": "poc"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#174715"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#174715",
            "trust": 3.6
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9493",
            "trust": 2.9
          },
          {
            "db": "BID",
            "id": "107827",
            "trust": 2.0
          },
          {
            "db": "JVN",
            "id": "JVNVU96036964",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002558",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-519",
            "trust": 0.6
          },
          {
            "db": "OTHER",
            "id": "NONE",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-9493",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#174715"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-9493"
          },
          {
            "db": "BID",
            "id": "107827"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002558"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-519"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9493"
          }
        ]
      },
      "id": "VAR-202001-0455",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ],
        "trust": 0.01
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "vehicle device"
            ],
            "sub_category": "vehicle",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ]
      },
      "last_update_date": "2025-01-30T21:03:57.978000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "My Car | Start, control and locate your car from virtually anywhere",
            "trust": 0.8,
            "url": "https://mycarcontrols.com/"
          },
          {
            "title": "MyCar Controls - App Store",
            "trust": 0.8,
            "url": "https://itunes.apple.com/ca/app/mycar-controls/id1126511815"
          },
          {
            "title": "MyCar Controls - Google Play \u306e Android \u30a2\u30d7\u30ea",
            "trust": 0.8,
            "url": "https://play.google.com/store/apps/details?id=app.com.automobility.mycar.control"
          },
          {
            "title": "AutoMobility Distribution MyCar Controls Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91336"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002558"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-519"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-798",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-9493"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.3,
            "url": "https://mycarcontrols.com/"
          },
          {
            "trust": 2.8,
            "url": "https://play.google.com/store/apps/details?id=app.com.automobility.mycar.control"
          },
          {
            "trust": 2.8,
            "url": "https://www.kb.cert.org/vuls/id/174715/"
          },
          {
            "trust": 2.5,
            "url": "https://itunes.apple.com/us/app/mycar-controls/id1126511815"
          },
          {
            "trust": 2.3,
            "url": "https://www.securityfocus.com/bid/107827"
          },
          {
            "trust": 0.9,
            "url": "https://cwe.mitre.org/data/definitions/798.html"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9493"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu96036964/"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9493"
          },
          {
            "trust": 0.1,
            "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.kb.cert.org/vuls/id/174715"
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#174715"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-9493"
          },
          {
            "db": "BID",
            "id": "107827"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002558"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-519"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9493"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#174715"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-9493"
          },
          {
            "db": "BID",
            "id": "107827"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002558"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-519"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9493"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-04-08T00:00:00",
            "db": "CERT/CC",
            "id": "VU#174715"
          },
          {
            "date": "2020-01-15T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-9493"
          },
          {
            "date": "2019-04-08T00:00:00",
            "db": "BID",
            "id": "107827"
          },
          {
            "date": "2019-04-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-002558"
          },
          {
            "date": "2019-04-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201904-519"
          },
          {
            "date": "2020-01-15T17:15:14.660000",
            "db": "NVD",
            "id": "CVE-2019-9493"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-04-08T00:00:00",
            "db": "CERT/CC",
            "id": "VU#174715"
          },
          {
            "date": "2020-01-24T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-9493"
          },
          {
            "date": "2019-04-08T00:00:00",
            "db": "BID",
            "id": "107827"
          },
          {
            "date": "2019-04-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-002558"
          },
          {
            "date": "2020-01-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201904-519"
          },
          {
            "date": "2024-11-21T04:51:43.527000",
            "db": "NVD",
            "id": "CVE-2019-9493"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-519"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "MyCar Controls uses hard-coded credentials",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#174715"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-519"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2019-9493 (GCVE-0-2019-9493)

    Vulnerability from nvd – Published: 2020-01-15 17:05 – Updated: 2024-09-17 03:27
    VLAI
    Title
    MyCar Controls uses hard-coded credentials
    Summary
    The MyCar Controls of AutoMobility Distribution Inc., mobile application contains hard-coded admin credentials. A remote unauthenticated attacker may be able to send commands to and retrieve data from a target MyCar unit. This may allow the attacker to learn the location of a target, or gain unauthorized physical access to a vehicle. This issue affects AutoMobility MyCar versions prior to 3.4.24 on iOS and versions prior to 4.1.2 on Android. This issue has additionally been fixed in Carlink, Link, Visions MyCar, and MyCar Kia.
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    References
    Impacted products
    Date Public
    2019-04-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T21:54:44.307Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#174715",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/174715/"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "https://www.securityfocus.com/bid/107827"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://play.google.com/store/apps/details?id=app.com.automobility.mycar.control"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://mycarcontrols.com/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://itunes.apple.com/us/app/mycar-controls/id1126511815"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "iOS"
              ],
              "product": "MyCar Controls",
              "vendor": "AutoMobility Distribution Inc.",
              "versions": [
                {
                  "lessThan": "3.4.24",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Android"
              ],
              "product": "MyCar Controls",
              "vendor": "AutoMobility Distribution Inc.",
              "versions": [
                {
                  "lessThan": "4.1.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-04-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The MyCar Controls of AutoMobility Distribution Inc., mobile application contains hard-coded admin credentials. A remote unauthenticated attacker may be able to send commands to and retrieve data from a target MyCar unit. This may allow the attacker to learn the location of a target, or gain unauthorized physical access to a vehicle. This issue affects AutoMobility MyCar versions prior to 3.4.24 on iOS and versions prior to 4.1.2 on Android. This issue has additionally been fixed in Carlink, Link, Visions MyCar, and MyCar Kia."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-15T17:05:26.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "VU#174715",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/174715/"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "https://www.securityfocus.com/bid/107827"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://play.google.com/store/apps/details?id=app.com.automobility.mycar.control"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://mycarcontrols.com/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://itunes.apple.com/us/app/mycar-controls/id1126511815"
            }
          ],
          "source": {
            "advisory": "VU#174715",
            "discovery": "EXTERNAL"
          },
          "title": "MyCar Controls uses hard-coded credentials",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "DATE_PUBLIC": "2019-04-08T00:00:00.000Z",
              "ID": "CVE-2019-9493",
              "STATE": "PUBLIC",
              "TITLE": "MyCar Controls uses hard-coded credentials"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MyCar Controls",
                          "version": {
                            "version_data": [
                              {
                                "platform": "iOS",
                                "version_affected": "\u003c",
                                "version_value": "3.4.24"
                              },
                              {
                                "platform": "Android",
                                "version_affected": "\u003c",
                                "version_value": "4.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "AutoMobility Distribution Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The MyCar Controls of AutoMobility Distribution Inc., mobile application contains hard-coded admin credentials. A remote unauthenticated attacker may be able to send commands to and retrieve data from a target MyCar unit. This may allow the attacker to learn the location of a target, or gain unauthorized physical access to a vehicle. This issue affects AutoMobility MyCar versions prior to 3.4.24 on iOS and versions prior to 4.1.2 on Android. This issue has additionally been fixed in Carlink, Link, Visions MyCar, and MyCar Kia."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-798 Use of Hard-coded Credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#174715",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/174715/"
                },
                {
                  "name": "https://www.securityfocus.com/bid/107827",
                  "refsource": "BID",
                  "url": "https://www.securityfocus.com/bid/107827"
                },
                {
                  "name": "https://play.google.com/store/apps/details?id=app.com.automobility.mycar.control",
                  "refsource": "MISC",
                  "url": "https://play.google.com/store/apps/details?id=app.com.automobility.mycar.control"
                },
                {
                  "name": "https://mycarcontrols.com/",
                  "refsource": "MISC",
                  "url": "https://mycarcontrols.com/"
                },
                {
                  "name": "https://itunes.apple.com/us/app/mycar-controls/id1126511815",
                  "refsource": "MISC",
                  "url": "https://itunes.apple.com/us/app/mycar-controls/id1126511815"
                }
              ]
            },
            "source": {
              "advisory": "VU#174715",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2019-9493",
        "datePublished": "2020-01-15T17:05:27.083Z",
        "dateReserved": "2019-03-01T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:27:50.908Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-9493 (GCVE-0-2019-9493)

    Vulnerability from cvelistv5 – Published: 2020-01-15 17:05 – Updated: 2024-09-17 03:27
    VLAI
    Title
    MyCar Controls uses hard-coded credentials
    Summary
    The MyCar Controls of AutoMobility Distribution Inc., mobile application contains hard-coded admin credentials. A remote unauthenticated attacker may be able to send commands to and retrieve data from a target MyCar unit. This may allow the attacker to learn the location of a target, or gain unauthorized physical access to a vehicle. This issue affects AutoMobility MyCar versions prior to 3.4.24 on iOS and versions prior to 4.1.2 on Android. This issue has additionally been fixed in Carlink, Link, Visions MyCar, and MyCar Kia.
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    References
    Impacted products
    Date Public
    2019-04-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T21:54:44.307Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#174715",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/174715/"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "https://www.securityfocus.com/bid/107827"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://play.google.com/store/apps/details?id=app.com.automobility.mycar.control"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://mycarcontrols.com/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://itunes.apple.com/us/app/mycar-controls/id1126511815"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "iOS"
              ],
              "product": "MyCar Controls",
              "vendor": "AutoMobility Distribution Inc.",
              "versions": [
                {
                  "lessThan": "3.4.24",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Android"
              ],
              "product": "MyCar Controls",
              "vendor": "AutoMobility Distribution Inc.",
              "versions": [
                {
                  "lessThan": "4.1.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-04-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The MyCar Controls of AutoMobility Distribution Inc., mobile application contains hard-coded admin credentials. A remote unauthenticated attacker may be able to send commands to and retrieve data from a target MyCar unit. This may allow the attacker to learn the location of a target, or gain unauthorized physical access to a vehicle. This issue affects AutoMobility MyCar versions prior to 3.4.24 on iOS and versions prior to 4.1.2 on Android. This issue has additionally been fixed in Carlink, Link, Visions MyCar, and MyCar Kia."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-15T17:05:26.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "VU#174715",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/174715/"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "https://www.securityfocus.com/bid/107827"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://play.google.com/store/apps/details?id=app.com.automobility.mycar.control"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://mycarcontrols.com/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://itunes.apple.com/us/app/mycar-controls/id1126511815"
            }
          ],
          "source": {
            "advisory": "VU#174715",
            "discovery": "EXTERNAL"
          },
          "title": "MyCar Controls uses hard-coded credentials",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "DATE_PUBLIC": "2019-04-08T00:00:00.000Z",
              "ID": "CVE-2019-9493",
              "STATE": "PUBLIC",
              "TITLE": "MyCar Controls uses hard-coded credentials"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MyCar Controls",
                          "version": {
                            "version_data": [
                              {
                                "platform": "iOS",
                                "version_affected": "\u003c",
                                "version_value": "3.4.24"
                              },
                              {
                                "platform": "Android",
                                "version_affected": "\u003c",
                                "version_value": "4.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "AutoMobility Distribution Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The MyCar Controls of AutoMobility Distribution Inc., mobile application contains hard-coded admin credentials. A remote unauthenticated attacker may be able to send commands to and retrieve data from a target MyCar unit. This may allow the attacker to learn the location of a target, or gain unauthorized physical access to a vehicle. This issue affects AutoMobility MyCar versions prior to 3.4.24 on iOS and versions prior to 4.1.2 on Android. This issue has additionally been fixed in Carlink, Link, Visions MyCar, and MyCar Kia."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-798 Use of Hard-coded Credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#174715",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/174715/"
                },
                {
                  "name": "https://www.securityfocus.com/bid/107827",
                  "refsource": "BID",
                  "url": "https://www.securityfocus.com/bid/107827"
                },
                {
                  "name": "https://play.google.com/store/apps/details?id=app.com.automobility.mycar.control",
                  "refsource": "MISC",
                  "url": "https://play.google.com/store/apps/details?id=app.com.automobility.mycar.control"
                },
                {
                  "name": "https://mycarcontrols.com/",
                  "refsource": "MISC",
                  "url": "https://mycarcontrols.com/"
                },
                {
                  "name": "https://itunes.apple.com/us/app/mycar-controls/id1126511815",
                  "refsource": "MISC",
                  "url": "https://itunes.apple.com/us/app/mycar-controls/id1126511815"
                }
              ]
            },
            "source": {
              "advisory": "VU#174715",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2019-9493",
        "datePublished": "2020-01-15T17:05:27.083Z",
        "dateReserved": "2019-03-01T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:27:50.908Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }