CVE-2019-17356

MEDIUM

Infinitestudio Infinite Design - Cleartext Transmission

Title source: rule

Description

The Infinite Design application 3.4.12 for Android sends a username and password via TCP without any encryption during login, as demonstrated by sniffing of a public Wi-Fi network.

References (2)

[Exploit, Third Party Advisory] https://bit.ly/2kfL7xE

[Exploit, Third Party Advisory] https://pastebin.com/yUFxs2J7

Scores

CVSS v3 6.5

EPSS 0.0003

EPSS Percentile 10.0%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-319 CWE-522

Status published

Affected Products (1)

infinitestudio/infinite_design

Timeline

Published Oct 15, 2019

Tracked Since Feb 18, 2026