PT-2025-15129 · Unknown · Consumer Comanda Mobile
Davimo · Published 2025-04-07 · Updated 2025-04-07 · CVE-2025-3329
CVSS v4.0: 2.3 (Low)
Vector: AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
Consumer Comanda Mobile versions 14.9.3.2 through 15.0.0.8
Description
A problematic issue has been found in Consumer Comanda Mobile, affecting an unknown part of the Restaurant Order Handler component. The manipulation of the Login/Password argument leads to the transmission of sensitive information in cleartext. The attack can only be initiated within the local network and is considered to be of rather high complexity, making it difficult to exploit. The exploit has been disclosed to the public.
Recommendations
For versions 14.9.3.2 through 15.0.0.8, consider updating to a version that fixes the issue with the Login/Password argument to prevent cleartext transmission of sensitive information.
As a temporary workaround, consider restricting access to the Restaurant Order Handler component until a patch is available.
Exploit
Fix
Cleartext Transmission of Sensitive Information
Related Identifiers
Affected Products
Consumer Comanda Mobile