CVE-2016-6548
CRITICAL
nutspace nut_mobile - Unauthenticated Exposure of Sensitive Information via HTTP Session Token Transmission
Title source: llm
Description
The Zizai Tech Nut mobile app makes requests via HTTP instead of HTTPS. These requests contain the user's authenticated session token with the URL. An attacker can capture these requests and reuse the session token to gain full access to the user's account.
References (3)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
https://www.securityfocus.com/bid/93877
Exploit, Third Party Advisory x_refsource_misc
https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
https://www.kb.cert.org/vuls/id/402847
Scores
CVSS v3
9.8
EPSS
0.0371
EPSS Percentile
88.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-200
Status
published
Products (1)
nutspace/nut_mobile
Published
Jul 13, 2018
Tracked Since
Feb 18, 2026