CVE-2020-12702

MEDIUM Year: 2020
CVSS v3 Score
4.6
Medium
CVSS v2 Score
2.1
Low
Weakness Type
CWE-327
View all →

Vulnerability Description

Weak encryption in the Quick Pairing mode in the eWeLink mobile application (Android application V4.9.2 and earlier, iOS application V4.9.1 and earlier) allows physically proximate attackers to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the Wi-Fi spectrum during the pairing process.

Related Vulnerabilities

CVE-2007-5460

MEDIUM
CVSS:4.6(Medium)

Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation with a fixed key) when sending the user's PIN/Password over the USB connection from the host to the devic...

CWE-3272007

CVE-2019-11341

MEDIUM
CVSS:4.6(Medium)

On certain Samsung P(9.0) phones, an attacker with physical access can start a TCP Dump capture without the user's knowledge. This feature of the Service Mode application is available after entering t...

CWE-3272019

CVE-2017-14937

MEDIUM
CVSS:4.7(Medium)

The airbag detonation algorithm allows injury to passenger-car occupants via predictable Security Access (SA) data to the internal CAN bus (or the OBD connector). This affects the airbag control units...

CWE-3272017

CVE-2019-15795

MEDIUM
CVSS:4.7(Medium)

python-apt only checks the MD5 sums of downloaded files in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py in version 1.9.0ubuntu1 and earlier. This allows a man-in-the-middle ...

CWE-3272019

CVE-2021-36647

MEDIUM
CVSS:4.7(Medium)

Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to pre...

CWE-3272021

CVE-2022-30187

MEDIUM
CVSS:4.7(Medium)

Azure Storage Library Information Disclosure Vulnerability

CWE-3272022