CVE-2012-3887

Name of the Vulnerable Software and Affected Versions AirDroid versions prior to 1.0.7 beta

Description The issue allows remote attackers to obtain sensitive information by sniffing the local wireless network. This is due to the use of a cleartext base64 format for data transfer, which is incorrectly documented as an "Encrypted Transmission" feature. For example, SMS message content sent to the "sdctl/sms/send/single/" URI can be intercepted.

Recommendations For AirDroid versions prior to 1.0.7 beta, update to version 1.0.7 beta or later to resolve the issue. As a temporary workaround, consider restricting access to the wireless network to minimize the risk of exploitation. Avoid using the "sdctl/sms/send/single/" URI until the issue is resolved.