- Description
- In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner.
- Source
- cve@rapid7.com
- NVD status
- Modified
CVSS 3.0
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:insteon:insteon_for_hub:*:*:*:*:*:android:*:*",
"vulnerable": true,
"matchCriteriaId": "E5997BAB-1F22-490C-9367-5EE49BBF1DBD",
"versionEndIncluding": "1.9.7"
}
],
"operator": "OR"
}
]
}
]