CVE-2024-10748

A vulnerability, which was classified as problematic, has been found in Cosmote Greece What's Up App 4.47.3 on Android. This issue affects some unknown processing of the file gr/desquared/kmmsharedmodule/db/RealmDB.java of the component Realm Database Handler. The manipulation of the argument defaultRealmKey leads to use of default cryptographic key. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.
Configurations

Configuration 1 (hide)

cpe:2.3:a:cosmote:what\'s_up:4.47.3:*:*:*:*:android:*:*

History

06 Nov 2024, 15:06

Type Values Removed Values Added
First Time Cosmote
Cosmote what\'s Up
References () https://github.com/secuserx/CVE/blob/main/%5BHardcoded%20Realm%20Database%20Encryption%20Key%5D%20found%20in%20What's%20UP%20Android%20App%204.47.3%20-%20(RealmDB.java).md - () https://github.com/secuserx/CVE/blob/main/%5BHardcoded%20Realm%20Database%20Encryption%20Key%5D%20found%20in%20What's%20UP%20Android%20App%204.47.3%20-%20(RealmDB.java).md - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.282917 - () https://vuldb.com/?ctiid.282917 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.282917 - () https://vuldb.com/?id.282917 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.432429 - () https://vuldb.com/?submit.432429 - Exploit, Third Party Advisory, VDB Entry
Summary
  • (es) Se ha encontrado una vulnerabilidad clasificada como problemática en la aplicación Cosmote Greece What's Up 4.47.3 para Android. Este problema afecta a algunos procesos desconocidos del archivo gr/desquared/kmmsharedmodule/db/RealmDB.java del componente Realm Database Handler. La manipulación del argumento defaultRealmKey conduce al uso de la clave criptográfica predeterminada. Se requiere acceso local para abordar este ataque. La complejidad de un ataque es bastante alta. Se sabe que la explotación es difícil. Se contactó al proveedor con anticipación sobre esta divulgación, pero no respondió de ninguna manera.
CVSS v2 : 1.0
v3 : 2.5
v2 : 1.0
v3 : 4.7
CPE cpe:2.3:a:cosmote:what\'s_up:4.47.3:*:*:*:*:android:*:*
CWE CWE-798

04 Nov 2024, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-04 01:15

Updated : 2024-11-06 15:06


NVD link : CVE-2024-10748

Mitre link : CVE-2024-10748

CVE.ORG link : CVE-2024-10748


JSON object : View

Products Affected

cosmote

  • what\'s_up
CWE
CWE-798

Use of Hard-coded Credentials

CWE-1394

Use of Default Cryptographic Key