Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
BlackVue App API deviceDelete get request method with sensitive query strings
Vulnerability Description
A vulnerability was found in BlackVue App 3.65 on Android. It has been classified as problematic. This affects the function deviceDelete of the component API Handler. The manipulation leads to use of get request method with sensitive query strings. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
通过GET请求中的查询字符串导致的信息暴露
Vulnerability Title
BlackVue App 安全漏洞
Vulnerability Description
BlackVue App是BlackVue公司的一款带有行车记录仪连接功能的软件。用于读取记录仪视频数据,查看车辆行驶记录等。 BlackVue App 3.65版本存在安全漏洞,该漏洞源于使用敏感查询字符串的GET请求方法,可能导致远程攻击者获取敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A