Overview
- Description
- Chipolo ONE Bluetooth tracker (2020) Chipolo iOS app version 4.13.0 is vulnerable to Incorrect Access Control. Chipolo devices suffer from access revocation evasion attacks once the malicious sharee obtains the access credentials.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.4
- Impact score
- 5.2
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
- Severity
- HIGH
Weaknesses
- nvd@nist.gov
- CWE-522
Social media
- Hype score
- Not currently trending
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:chipolo:chipolo_one:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DE7CC982-417C-400C-B029-AAB5E38497BC" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:chipolo:chipolo:4.13.0:*:*:*:*:iphone_os:*:*", "vulnerable": true, "matchCriteriaId": "008C5D4C-7770-4877-AD8E-DD7A7086C790" } ], "operator": "OR" } ], "operator": "AND" } ]