CVE-2017-20200

A vulnerability has been found in Coinomi up to 1.7.6. This issue affects some unknown processing. Such manipulation leads to cleartext transmission of sensitive information. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is assessed as difficult. The exploit has been disclosed to the public and may be used. The vendor replied with: "(...) there isn't any security implication associated with your findings."

CVSS v3 3.7 LOW
CVSS v2.0 2.6 LOW

3.7^/10

CVSS v3 : LOW

Vector :

Exploitability : 2.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.6^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:H/Au:N/C:P/I:N/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://vuldb.com/?ctiid.325143
https://vuldb.com/?id.325143
https://vuldb.com/?submit.653875
https://web.archive.org/web/20171013065745/https://github.com/Coinomi/coinomi-android/issues/213
https://web.archive.org/web/20171013065745/https://github.com/Coinomi/coinomi-android/issues/213#issuecomment-332371549
https://www.reddit.com/r/Bitcoin/comments/72yvnj/so_coinomis_official_response_on_the/
https://www.reddit.com/r/CryptoCurrency/comments/72osq7/security_warning_coinomi_wallet_transmits_all/dnkhpob/

Configurations

No configuration.

History

23 Sep 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-09-23 14:15

Updated : 2025-09-24 18:11

NVD link : CVE-2017-20200

Mitre link : CVE-2017-20200

CVE.ORG link : CVE-2017-20200

JSON object : View

Products Affected

No product.

CWE

CWE-310

Cryptographic Issues

CWE-319

Cleartext Transmission of Sensitive Information

{"id": "CVE-2017-20200", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "cna@vuldb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.2}], "cvssMetricV40": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "PROOF_OF_CONCEPT", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-09-23T14:15:35.257", "references": [{"url": "https://vuldb.com/?ctiid.325143", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?id.325143", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?submit.653875", "source": "cna@vuldb.com"}, {"url": "https://web.archive.org/web/20171013065745/https://github.com/Coinomi/coinomi-android/issues/213", "source": "cna@vuldb.com"}, {"url": "https://web.archive.org/web/20171013065745/https://github.com/Coinomi/coinomi-android/issues/213#issuecomment-332371549", "source": "cna@vuldb.com"}, {"url": "https://www.reddit.com/r/Bitcoin/comments/72yvnj/so_coinomis_official_response_on_the/", "source": "cna@vuldb.com"}, {"url": "https://www.reddit.com/r/CryptoCurrency/comments/72osq7/security_warning_coinomi_wallet_transmits_all/dnkhpob/", "source": "cna@vuldb.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "cna@vuldb.com", "description": [{"lang": "en", "value": "CWE-310"}, {"lang": "en", "value": "CWE-319"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Coinomi up to 1.7.6. This issue affects some unknown processing. Such manipulation leads to cleartext transmission of sensitive information. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is assessed as difficult. The exploit has been disclosed to the public and may be used. The vendor replied with: \"(...) there isn't any security implication associated with your findings.\""}], "lastModified": "2025-09-24T18:11:24.520", "sourceIdentifier": "cna@vuldb.com"}