CVE-2024-35537

TVS Motor Company Limited TVS Connect Android v4.6.0 and IOS v5.0.0 was discovered to insecurely handle the RSA key pair, allowing attackers to possibly access sensitive information via decryption.
References
Link Resource
https://github.com/aaravavi/TVS-Connect-Application-VAPT Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:tvsmotor:tvs_connect:4.6.0:*:*:*:*:android:*:*
cpe:2.3:a:tvsmotor:tvs_connect:5.0.0:*:*:*:*:iphone_os:*:*

History

24 Jun 2024, 19:40

Type Values Removed Values Added
CPE cpe:2.3:a:tvsmotor:tvs_connect:5.0.0:*:*:*:*:iphone_os:*:*
cpe:2.3:a:tvsmotor:tvs_connect:4.6.0:*:*:*:*:android:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CWE CWE-327
First Time Tvsmotor tvs Connect
Tvsmotor
References () https://github.com/aaravavi/TVS-Connect-Application-VAPT - () https://github.com/aaravavi/TVS-Connect-Application-VAPT - Exploit, Third Party Advisory
Summary
  • (es) Se descubrió que TVS Motor Company Limited TVS Connect Android v4.6.0 e IOS v5.0.0 manejan de forma insegura el par de claves RSA, lo que permite a los atacantes posiblemente acceder a información confidencial mediante el descifrado.

21 Jun 2024, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-21 17:15

Updated : 2024-06-24 19:40


NVD link : CVE-2024-35537

Mitre link : CVE-2024-35537

CVE.ORG link : CVE-2024-35537


JSON object : View

Products Affected

tvsmotor

  • tvs_connect
CWE
CWE-327

Use of a Broken or Risky Cryptographic Algorithm