漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a hardcoded cryptographic key and IV to decrypt update metadata. The key is stored as a static value within the application's code. An attacker with the ability to intercept network traffic can use this hardcoded key to decrypt, modify, and re-encrypt the update manifest, allowing them to direct the application to download a malicious update package.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Xtool AnyScan App 安全漏洞
Vulnerability Description
Xtool AnyScan App是中国Xtool公司的一款汽车诊断移动应用。 Xtool AnyScan App 4.40.40及之前版本存在安全漏洞,该漏洞源于使用硬编码密钥解密更新元数据。
CVSS Information
N/A
Vulnerability Type
N/A