{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-28T01:32:50.910","vulnerabilities":[{"cve":{"id":"CVE-2024-48548","sourceIdentifier":"cve@mitre.org","published":"2024-10-24T17:15:17.663","lastModified":"2026-06-17T07:58:35.087","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The APK file in Cloud Smart Lock v2.0.1 has a leaked a URL that can call an API for binding physical devices. This vulnerability allows attackers to arbitrarily construct a request to use the app to bind to unknown devices by finding a valid serial number via a bruteforce attack."},{"lang":"es","value":"El archivo APK de Cloud Smart Lock v2.0.1 tiene una URL filtrada que puede llamar a una API para vincular dispositivos físicos. Esta vulnerabilidad permite a los atacantes construir arbitrariamente una solicitud para usar la aplicación para vincularse a dispositivos desconocidos al encontrar un número de serie válido mediante un ataque de fuerza bruta."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","affectedData":[{"vendor":"cloud_smart_lock","product":"cloud_smart_lock_firmware","defaultStatus":"unknown","cpes":["cpe:2.3:o:cloud_smart_lock:cloud_smart_lock_firmware:2.0.1:*:*:*:*:*:*:*"],"versions":[{"version":"2.0.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-10-24T20:51:07.569839Z","id":"CVE-2024-48548","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://cloudsmartlock.com/m/app.html","source":"cve@mitre.org"},{"url":"https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.seamooncloud.cloudsmartlock/com.seamooncloud.cloudsmartlock.md","source":"cve@mitre.org"}]}}]}