PT-2023-25005 · Hello Cup · Hello Cup
Edward Warren
·
Published
2023-06-28
·
Updated
2024-11-27
·
CVE-2023-34761
CVSS v3.1
6.5
Medium
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Hello Cup version 1.3.1 for Android
Description
An unauthenticated attacker within BLE proximity can remotely connect to a 7-Eleven LED Message Cup and bypass the application's client-side chat censor filter.
Recommendations
For Hello Cup version 1.3.1 for Android, as a temporary workaround, consider restricting access to the chat functionality until a patch is available. Avoid using the application's chat feature in areas where unauthorized BLE connections are possible.
Exploit
Fix
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hello Cup