PT-2020-11355 · Automobility · Automobility Mycar
Jmaxxz · Published 2020-01-15 · Updated 2020-01-24 · CVE-2019-9493
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
AutoMobility MyCar versions prior to 3.4.24 on iOS
AutoMobility MyCar versions prior to 4.1.2 on Android
Description
The mobile application contains hard-coded admin credentials, allowing a remote unauthenticated attacker to send commands to and retrieve data from a target unit. This may enable the attacker to learn the location of a target or gain unauthorized physical access to a vehicle.
Recommendations
For AutoMobility MyCar versions prior to 3.4.24 on iOS, update to version 3.4.24 or later.
For AutoMobility MyCar versions prior to 4.1.2 on Android, update to version 4.1.2 or later.
Fix
Using Hardcoded Credentials
Weakness Enumeration
Related Identifiers
Affected Products
Automobility Mycar