PT-2024-28710 · Unknown · Tone Store App
Kodai Karakawa · Published 2024-07-10 · Updated 2024-07-11 · CVE-2024-39886
CVSS v3.1: 3.7 (Low)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
TONE store App versions 3.4.2 and earlier
Description
The TONE store App uses an unprotected primary channel: it communicates with the TONE store website in cleartext. This could allow a man-in-the-middle attack in which an attacker obtains and/or alters the communications of the affected App.
Recommendations
For versions 3.4.2 and earlier, consider disabling communication with the TONE store website until a secure connection method is implemented to prevent man-in-the-middle attacks. Restrict access to sensitive data within the App to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Tone Store App