Design/Logic Flaw

2017-04-2120:59:00

PRIOn knowledge base

www.prio-n.com

8 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

47.4%

JSON

The Grandstream Wave app 1.0.1.26 and earlier for Android does not use HTTPS when retrieving update information, which might allow man-in-the-middle attackers to execute arbitrary code via a crafted application.

CPENameOperatorVersion
wavele1.0.1.26

CPE	Name	Operator	Version
	wave	le	1.0.1.26

References

packetstormsecurity.com/files/136291/Grandstream-Wave-1.0.1.26-Update-Redirection.html

www.securityfocus.com/archive/1/537821/100/0/threaded

rt-solutions.de/wp-content/uploads/2016/04/CVE-2016-1520-app-update-redirection.pdf