ID

VAR-201807-0048


CVE

CVE-2016-6549


TITLE

Zizai Tech Nut contains multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#402847

DESCRIPTION

The Zizai Tech Nut device allows unauthenticated Bluetooth pairing, which enables unauthenticated connected applications to write data to the device name attribute. Zizai Tech Nut contains multiple vulnerabilities, including sensitive information exposure and missing authentication: 1. Multiple information disclosure vulnerabilities. 2. An authentication-bypass vulnerability. An attacker can exploit these vulnerabilities to gain sensitive information or perform unauthorized actions in the context of the affected application. Other attacks are also possible.

Trust: 2.61

sources: NVD: CVE-2016-6549 // CERT/CC: VU#402847 // JVNDB: JVNDB-2016-009186 // BID: 93877

IOT TAXONOMY

category: ['industrial device'], sub_category: tracker

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor: nutspace, model: nut mobile, scope: eq, version: -

Trust: 1.6

vendor: zizai tech, model: -, scope: -, version: -

Trust: 0.8

vendor: zizai, model: nut, scope: -, version: -

Trust: 0.8

vendor: zizai, model: tech nut, scope: eq, version: 0

Trust: 0.3

sources: CERT/CC: VU#402847 // BID: 93877 // JVNDB: JVNDB-2016-009186 // CNNVD: CNNVD-201610-782 // NVD: CVE-2016-6549

CVSS

SEVERITY

nvd@nist.gov: CVE-2016-6549
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-6549
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201610-782
value: MEDIUM

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2016-6549
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CVSSV3

nvd@nist.gov: CVE-2016-6549
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: JVNDB: JVNDB-2016-009186 // CNNVD: CNNVD-201610-782 // NVD: CVE-2016-6549

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.8

problemtype:CWE-306

Trust: 1.0

sources: JVNDB: JVNDB-2016-009186 // NVD: CVE-2016-6549

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201610-782

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201610-782

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-009186

PATCH

title: Top Page, url: http://nutspace.com/

Trust: 0.8

sources: JVNDB: JVNDB-2016-009186

EXTERNAL IDS

db: CERT/CC, id: VU#402847

Trust: 3.5

db: NVD, id: CVE-2016-6549

Trust: 2.8

db: BID, id: 93877

Trust: 1.9

db: JVN, id: JVNVU99751633

Trust: 0.8

db: JVNDB, id: JVNDB-2016-009186

Trust: 0.8

db: CNNVD, id: CNNVD-201610-782

Trust: 0.6

db: OTHER, id: NONE

Trust: 0.1

sources: OTHER: None // CERT/CC: VU#402847 // BID: 93877 // JVNDB: JVNDB-2016-009186 // CNNVD: CNNVD-201610-782 // NVD: CVE-2016-6549

REFERENCES

url:https://www.kb.cert.org/vuls/id/402847

Trust: 2.7

url:https://www.securityfocus.com/bid/93877

Trust: 1.6

url:https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/

Trust: 1.6

url:http://nutspace.com/

Trust: 1.1

url:https://community.rapid7.com/community/infosec/blog/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities

Trust: 1.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6549

Trust: 0.8

url:https://jvn.jp/vu/jvnvu99751633/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2016-6549

Trust: 0.8

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

sources: OTHER: None // CERT/CC: VU#402847 // BID: 93877 // JVNDB: JVNDB-2016-009186 // CNNVD: CNNVD-201610-782 // NVD: CVE-2016-6549

CREDITS

Deral Heiland and Adam Compton of Rapid7, Inc.

Trust: 0.6

sources: CNNVD: CNNVD-201610-782

SOURCES

db: OTHER, id: -
db: CERT/CC, id: VU#402847
db: BID, id: 93877
db: JVNDB, id: JVNDB-2016-009186
db: CNNVD, id: CNNVD-201610-782
db: NVD, id: CVE-2016-6549

LAST UPDATE DATE

2025-01-30T20:35:21.222000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#402847, date: 2016-10-25T00:00:00
db: BID, id: 93877, date: 2016-10-26T00:19:00
db: JVNDB, id: JVNDB-2016-009186, date: 2018-10-03T00:00:00
db: CNNVD, id: CNNVD-201610-782, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2016-6549, date: 2024-11-21T02:56:20.120

SOURCES RELEASE DATE

db: CERT/CC, id: VU#402847, date: 2016-10-25T00:00:00
db: BID, id: 93877, date: 2016-10-25T00:00:00
db: JVNDB, id: JVNDB-2016-009186, date: 2018-10-01T00:00:00
db: CNNVD, id: CNNVD-201610-782, date: 2016-10-27T00:00:00
db: NVD, id: CVE-2016-6549, date: 2018-07-13T20:29:00.550