VAR-201712-0178
Vulnerability from variot - Updated: 2025-04-20 23:39The Vibease Wireless Remote Vibrator app for Android and the Vibease Chat app for iOS use cleartext to exchange messages with other apps and the PLAIN SASL mechanism to send auth tokens to Vibease servers, which allows remote attackers to obtain user credentials, messages, and other sensitive information by sniffing the network for XMPP traffic. Vibease Wireless Remote Vibrator and Vibease Chat An application contains an information disclosure vulnerability.Information may be obtained. Vibease Chat app for iOS is an online chat software based on iOS platform. There are security vulnerabilities in the Vibease Wireless Remote Vibrator app based on the Android platform and the Vibease Chat app based on the iOS platform. The vulnerability stems from the fact that the program exchanges messages with other applications in clear text and uses the PLAIN SASL mechanism to send identities to the Vibease server Validation token
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201712-0178",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wireless remote vibrator",
"scope": "eq",
"trust": 1.6,
"vendor": "vibease",
"version": null
},
{
"model": "chat",
"scope": "eq",
"trust": 1.6,
"vendor": "vibease",
"version": null
},
{
"model": "chat",
"scope": null,
"trust": 0.8,
"vendor": "vibease",
"version": null
},
{
"model": "wireless remote vibrator",
"scope": null,
"trust": 0.8,
"vendor": "vibease",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011060"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-794"
},
{
"db": "NVD",
"id": "CVE-2017-14486"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:vibease:chat",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:vibease:wireless_remote_vibrator",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011060"
}
]
},
"cve": "CVE-2017-14486",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-14486",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-105213",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-14486",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-14486",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-14486",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-794",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-105213",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-105213"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011060"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-794"
},
{
"db": "NVD",
"id": "CVE-2017-14486"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Vibease Wireless Remote Vibrator app for Android and the Vibease Chat app for iOS use cleartext to exchange messages with other apps and the PLAIN SASL mechanism to send auth tokens to Vibease servers, which allows remote attackers to obtain user credentials, messages, and other sensitive information by sniffing the network for XMPP traffic. Vibease Wireless Remote Vibrator and Vibease Chat An application contains an information disclosure vulnerability.Information may be obtained. Vibease Chat app for iOS is an online chat software based on iOS platform. There are security vulnerabilities in the Vibease Wireless Remote Vibrator app based on the Android platform and the Vibease Chat app based on the iOS platform. The vulnerability stems from the fact that the program exchanges messages with other applications in clear text and uses the PLAIN SASL mechanism to send identities to the Vibease server Validation token",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14486"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011060"
},
{
"db": "VULHUB",
"id": "VHN-105213"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-14486",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011060",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201709-794",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-105213",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-105213"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011060"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-794"
},
{
"db": "NVD",
"id": "CVE-2017-14486"
}
]
},
"id": "VAR-201712-0178",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-105213"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:39:55.531000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-319",
"trust": 1.1
},
{
"problemtype": "CWE-200",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-105213"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011060"
},
{
"db": "NVD",
"id": "CVE-2017-14486"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://dl.acm.org/citation.cfm?id=3139942\u0026preflayout=flat"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14486"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14486"
},
{
"trust": 0.1,
"url": "https://dl.acm.org/citation.cfm?id=3139942\u0026amp;preflayout=flat"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-105213"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011060"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-794"
},
{
"db": "NVD",
"id": "CVE-2017-14486"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-105213"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011060"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-794"
},
{
"db": "NVD",
"id": "CVE-2017-14486"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-01T00:00:00",
"db": "VULHUB",
"id": "VHN-105213"
},
{
"date": "2018-01-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011060"
},
{
"date": "2017-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-794"
},
{
"date": "2017-12-01T17:29:00.323000",
"db": "NVD",
"id": "CVE-2017-14486"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-105213"
},
{
"date": "2018-01-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011060"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-794"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-14486"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-794"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vibease Wireless Remote Vibrator and Vibease Chat Information disclosure vulnerability in applications",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011060"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-794"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…