CVE-2024-52614

Use of hard-coded cryptographic key issue exists in "Kura Sushi Official App Produced by EPARK" for Android versions prior to 3.8.5. If this vulnerability is exploited, a local attacker may obtain the login ID and password for the affected product.

CVSS v3 4.0 MEDIUM

4.0^/10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability : 2.5 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://jvn.jp/en/jp/JVN16114985/
https://play.google.com/store/apps/details?id=jp.co.kura_corpo

Configurations

No configuration.

History

21 Nov 2024, 13:57

Type	Values Removed	Values Added
Summary		(es) Existe un problema de uso de clave criptográfica codificada en la aplicación oficial de Kura Sushi producida por EPARK para las versiones de Android anteriores a la 3.8.5. Si se aprovecha esta vulnerabilidad, un atacante local puede obtener el ID de inicio de sesión y la contraseña del producto afectado.

20 Nov 2024, 06:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-20 06:15

Updated : 2024-11-21 13:57

NVD link : CVE-2024-52614

Mitre link : CVE-2024-52614

CVE.ORG link : CVE-2024-52614

JSON object : View

Products Affected

No product.

CWE

CWE-321

Use of Hard-coded Cryptographic Key

4.0 /10