{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T13:20:43.650","vulnerabilities":[{"cve":{"id":"CVE-2016-6548","sourceIdentifier":"cret@cert.org","published":"2018-07-13T20:29:00.503","lastModified":"2024-11-21T02:56:20.010","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Zizai Tech Nut mobile app makes requests via HTTP instead of HTTPS. These requests contain the user's authenticated session token with the URL. An attacker can capture these requests and reuse the session token to gain full access the user's account."},{"lang":"es","value":"La aplicación móvil de Zizai Tech Nut realiza peticiones mediante HTTP en lugar de HTTPS. Estas peticiones contienen el token de la sesión autenticada del usuario en la URL. Un atacante puede capturar estas peticiones y reutilizar el token de sesión para obtener acceso total a la cuenta del usuario."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cret@cert.org","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nutspace:nut_mobile:-:*:*:*:*:*:*:*","matchCriteriaId":"8C9A2A31-4451-4912-BF48-0ABB3725B13C"}]}]}],"references":[{"url":"https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/","source":"cret@cert.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.kb.cert.org/vuls/id/402847","source":"cret@cert.org","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://www.securityfocus.com/bid/93877","source":"cret@cert.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.kb.cert.org/vuls/id/402847","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://www.securityfocus.com/bid/93877","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}}]}