{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T21:27:13.879","vulnerabilities":[{"cve":{"id":"CVE-2024-0390","sourceIdentifier":"cvd@cert.pl","published":"2024-02-15T10:15:09.043","lastModified":"2025-03-13T18:15:36.243","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"INPRAX \"iZZi connect\" application on Android contains hard-coded MQTT queue credentials. The same MQTT queue is used by corresponding physical recuperation devices. Exploiting this vulnerability could potentially allow unauthorized access to manage and read parameters of the recuperation unit \"reQnet iZZi\".This issue affects \"iZZi connect\" application versions before 2024010401.\n\n"},{"lang":"es","value":"La aplicación INPRAX \"iZZi connect\" en Android contiene credenciales de cola MQTT codificadas. Los dispositivos de recuperación física correspondientes utilizan la misma cola MQTT. La explotación de esta vulnerabilidad podría permitir el acceso no autorizado para administrar y leer los parámetros de la unidad de recuperación \"reQnet iZZi\". Este problema afecta a las versiones de la aplicación \"iZZi connect\" anteriores a 2024010401."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.5,"impactScore":3.6}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Secondary","description":[{"lang":"en","value":"CWE-798"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-798"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:inprax:izzi_connect:*:*:*:*:*:android:*:*","versionEndExcluding":"2024010401","matchCriteriaId":"DFEEB825-97A4-4A8E-A606-58A9762A974E"}]}]}],"references":[{"url":"https://cert.pl/en/posts/2024/02/CVE-2024-0390/","source":"cvd@cert.pl","tags":["Third Party Advisory"]},{"url":"https://cert.pl/posts/2024/02/CVE-2024-0390/","source":"cvd@cert.pl","tags":["Third Party Advisory"]},{"url":"https://cert.pl/en/posts/2024/02/CVE-2024-0390/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://cert.pl/posts/2024/02/CVE-2024-0390/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}