{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-25T19:33:46.471","vulnerabilities":[{"cve":{"id":"CVE-2026-4216","sourceIdentifier":"cna@vuldb.com","published":"2026-03-16T14:20:08.733","lastModified":"2026-06-17T10:56:14.263","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A weakness has been identified in i-SENS SmartLog App up to 2.6.8 on Android. This affects an unknown function of the component air.SmartLog.android. This manipulation causes hard-coded credentials. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. The vendor explains: \"The function referenced in the report currently exists in our deployed system. It is related to a developer mode used during the configuration process for Bluetooth pairing between the blood glucose meter and the SmartLog application. This function is intended for configuration purposes related to device integration and testing. (...) [I]n a future application update, we plan to review measures to either remove the developer mode function or restrict access to it.\""},{"lang":"es","value":"Se ha identificado una debilidad en la aplicación i-SENS SmartLog hasta la versión 2.6.8 en Android. Esto afecta a una función desconocida del componente air.SmartLog.android. Esta manipulación causa credenciales codificadas de forma rígida. El ataque solo puede ejecutarse localmente. El exploit se ha puesto a disposición del público y podría usarse para ataques. El proveedor explica: 'La función a la que se hace referencia en el informe existe actualmente en nuestro sistema desplegado. Está relacionada con un modo de desarrollador utilizado durante el proceso de configuración para el emparejamiento Bluetooth entre el medidor de glucosa en sangre y la aplicación SmartLog. Esta función está destinada a fines de configuración relacionados con la integración y prueba de dispositivos. (...) [E]n una futura actualización de la aplicación, planeamos revisar las medidas para eliminar la función del modo de desarrollador o restringir el acceso a ella.'"}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"i-SENS","product":"SmartLog App","modules":["air.SmartLog.android"],"versions":[{"version":"2.6.0","status":"affected"},{"version":"2.6.1","status":"affected"},{"version":"2.6.2","status":"affected"},{"version":"2.6.3","status":"affected"},{"version":"2.6.4","status":"affected"},{"version":"2.6.5","status":"affected"},{"version":"2.6.6","status":"affected"},{"version":"2.6.7","status":"affected"},{"version":"2.6.8","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:S/C:P/I:P/A:P","baseScore":4.3,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.1,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-16T18:44:59.397464Z","id":"CVE-2026-4216","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-259"},{"lang":"en","value":"CWE-798"}]}],"references":[{"url":"https://vuldb.com/?ctiid.351140","source":"cna@vuldb.com"},{"url":"https://vuldb.com/?id.351140","source":"cna@vuldb.com"},{"url":"https://vuldb.com/?submit.770497","source":"cna@vuldb.com"},{"url":"https://www.notion.so/Developer-Mode-Credential-Exposure-in-air-SmartLog-android-3182de3f97fb80f1abb7e958be2940fa?source=copy_link","source":"cna@vuldb.com"}]}}]}