CVE-2022-37857

{"id": "CVE-2022-37857", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-09-08T16:15:08.937", "references": [{"url": "https://gainsec.com/2022/08/07/cve-2022-hardcoded-creds-weak-password-hauk-android-location-sharing/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/bilde2910/Hauk/issues/187", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-312"}, {"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "bilde2910 Hauk v1.6.1 requires a hardcoded password which by default is blank. This hardcoded password is hashed but stored within the config.php file server-side as well as in clear-text on the android client device by default."}, {"lang": "es", "value": "bilde2910 Hauk versi\u00f3n v1.6.1, requiere una contrase\u00f1a embebida que, de forma predeterminada, est\u00e1 en blanco. Esta contrase\u00f1a embebida est\u00e1 cifrada, pero es almacenada en el lado del servidor del archivo config.php, as\u00ed como en texto sin cifrar en el dispositivo cliente de Android de forma predeterminada"}], "lastModified": "2023-08-08T14:22:24.967", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hauk_project:hauk:1.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02566E9E-AFE8-4920-844D-09F03C7F8F68"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}