CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
48.7%
Android App “IIJ SmartKey” provided by Internet Initiative Japan Inc. contains an information disclosure vulnerability (CWE-200).
Under certain conditions, an attacker may obtain a one-time password issued by the product.
Update the application
Update the application to the latest version according to the information provided by the developer.
This vulneravility was fixed in version 2.1.4 released on June 16, 2020.