CVE-2020-25493
HIGH
Oclean Mobile Application 2.1.2 - Use of a Broken or Risky Cryptographic Algorithm
Title source: llm
Description
Oclean Mobile Application 2.1.2 communicates with an external website over HTTP, so the network traffic can be eavesdropped. The HTTP payload is encrypted using XOR with a hardcoded key, which makes it possible to decode the traffic.
References (3)
Core References
Product x_refsource_misc
http://oclean.com
Product x_refsource_misc
https://play.google.com/store/apps/details?id=com.yunding.noopsychebrushforeign
Exploit, Third Party Advisory x_refsource_misc
https://github.com/c3r34lk1ll3r/decrypt-oclean-traffic
Scores
CVSS v3
7.5
EPSS
0.0107
EPSS Percentile
60.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-327
CWE-798
Status
published
Products (1)
oclean/oclean
2.1.2
Published
Feb 11, 2021
Tracked Since
Feb 18, 2026