Description
The server API in the Anda app relies on hardcoded credentials.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://gustavosilva.me/blog/2018/10/23/How-I-hacked-Anda-the-public-transportation-app-of-Porto-CVE-2018-13342.html
Scores
CVSS v3
9.8
EPSS
0.0114
EPSS Percentile
62.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-798
Status
published
Products (1)
linhandante/anda
Published
Oct 24, 2018
Tracked Since
Feb 18, 2026