CVE-2024-42496

LOW Year: 2024
CVSS v3 Score
2.4
Low
Weakness Type
CWE-256
View all →

Vulnerability Description

Smart-tab Android app installed April 2023 or earlier contains an issue with plaintext storage of a password. If this vulnerability is exploited, an attacker with physical access to the device may retrieve the credential information and spoof the device to access the related external service.

Related Vulnerabilities

CVE-2025-25985

LOW
CVSS:2.6(Low)

An issue in Macro-video Technologies Co.,Ltd V380E6_C1 IP camera (Hw_HsAKPIQp_WF_XHR) 1020302 allows a physically proximate attacker to execute arbitrary code via the /mnt/mtd/mvconf/wifi.ini and /mnt...

CWE-2562025

CVE-2024-36464

LOW
CVSS:2.7(Low)

When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and may have no actual impact. The user would need to have permissions to...

CWE-2562024

CVE-2021-25358

LOW
CVSS:3.3(Low)

A vulnerability that stores IMSI values in an improper path prior to SMR APR-2021 Release 1 allows local attackers to access IMSI values without any permission via untrusted applications.

CWE-2562021

CVE-2020-26079

MEDIUM
CVSS:4.1(Medium)

A vulnerability in the web UI of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to obtain hashes of user passwords on an affected device. The vulnerability is due...

CWE-2562020

CVE-2024-4232

MEDIUM
CVSS:4.1(Medium)

This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version : v3.2.02) due to lack of encryption or hashing in storing of passwords within the router's firmware/ da...

CWE-2562024

CVE-2024-45638

MEDIUM
CVSS:4.1(Medium)

IBM Security QRadar 3.12 EDR stores user credentials in plain text which can be read by a local privileged user.

CWE-2562024