Description
VeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the account password locally on the device and sends that hash as the credential in every request to the backend API, including login, registration and password changes. Because the hash itself is the credential, an attacker who obtains it (for instance from a compromised copy of the backend database) can take over the user's account without ever knowing the password, which negates the benefit of storing hashed passwords in the database.
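The following is an added illustration of the pattern the description identifies; it is not code from VeryFitPro or from the advisory. It models a client that hashes the password on the device and sends the hash, beside a flawed backend that stores and compares that hash directly and a hardened backend that derives its own salted, slow hash from whatever the client sends. The hash function (SHA-256), the field names, the PBKDF2 parameters and the in-memory "database" are assumptions chosen for the demo, not details taken from the app.

```python
import hashlib
import hmac
import os


def client_hash(password: str) -> str:
    """Hash computed on the device; this string is what travels to the API.
    SHA-256 is an assumption for the demo, not the app's actual algorithm."""
    return hashlib.sha256(password.encode()).hexdigest()


class FlawedBackend:
    """Stores the client-side hash and compares it directly.

    The stored value is also the bearer credential, so anyone holding a
    leaked row can log in without knowing the password (pass-the-hash)."""

    def __init__(self):
        self.users = {}  # constructed in-memory store: email -> client hash

    def register(self, email: str, client_hash_value: str) -> None:
        self.users[email] = client_hash_value

    def login(self, email: str, client_hash_value: str) -> bool:
        stored = self.users.get(email)
        return stored is not None and hmac.compare_digest(stored, client_hash_value)


class HardenedBackend:
    """Treats whatever the client sends as a secret and derives a salted,
    slow hash from it server-side. A leaked row holds only salt + PBKDF2
    output, which the login path never accepts as input."""

    ITERATIONS = 200_000  # assumed work factor for the demo

    def __init__(self):
        self.users = {}  # constructed in-memory store: email -> (salt, derived key)

    def _derive(self, secret: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, self.ITERATIONS)

    def register(self, email: str, secret: str) -> None:
        salt = os.urandom(16)
        self.users[email] = (salt, self._derive(secret, salt))

    def login(self, email: str, secret: str) -> bool:
        row = self.users.get(email)
        if row is None:
            return False
        salt, stored_dk = row
        return hmac.compare_digest(stored_dk, self._derive(secret, salt))


def demo():
    """Returns (flawed_replay_ok, hardened_replay_ok, hardened_legit_ok)."""
    email = "user@example.com"                 # constructed
    password = "correct horse battery staple"  # constructed

    flawed = FlawedBackend()
    flawed.register(email, client_hash(password))
    leaked = flawed.users[email]               # attacker gets the DB row only
    flawed_replay = flawed.login(email, leaked)  # True: the hash alone suffices

    hardened = HardenedBackend()
    hardened.register(email, client_hash(password))
    _salt, stored_dk = hardened.users[email]
    hardened_replay = hardened.login(email, stored_dk.hex())   # False
    hardened_legit = hardened.login(email, client_hash(password))  # True
    return flawed_replay, hardened_replay, hardened_legit


if __name__ == "__main__":
    print(demo())
```

Two things to take from the demo. First, hashing on the client does not make the stored value safe to leak; only a server-side derivation with a per-user salt and a work factor does, because the server never accepts its own stored output as input. Second, the client-side hash still travels as the credential on the wire, so this design also does nothing to reduce the need for TLS; if the transport is sniffable, the captured hash replays against either backend just as a captured plaintext password would.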
Exploits (1)
References (3)
Core References
Not Applicable, Third Party Advisory, URL Repurposed x_refsource_misc
http://veryfitpro.com
Not Applicable x_refsource_misc
http://www.i-doo.cn
Exploit, Mitigation, Third Party Advisory x_refsource_misc
https://github.com/martinfrancois/CVE-2021-36460
Scores
CVSS v3
7.8
EPSS
0.0013
EPSS Percentile
31.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (1)
veryfitpro_project/veryfitpro
< 3.3.7 (2 CPE variants)
Published
Apr 25, 2022
Tracked Since
Feb 18, 2026