Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
BlackVue App API Endpoint credentials storage
Vulnerability Description
A vulnerability was found in BlackVue App 3.65 on Android and classified as problematic. Affected by this issue is some unknown functionality of the component API Endpoint Handler. The manipulation of the argument BCS_TOKEN/SECRET_KEY leads to unprotected storage of credentials. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
明文存储口令
Vulnerability Title
BlackVue App 安全漏洞
Vulnerability Description
BlackVue App是BlackVue公司的一款带有行车记录仪连接功能的软件。用于读取记录仪视频数据,查看车辆行驶记录等。 BlackVue App 3.65版本存在安全漏洞,该漏洞源于凭据存储不当,可能导致本地攻击者获取敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A