CVE-2017-2748

Severity

50%

Complexity

99%

Confidentiality

48%

A potential security vulnerability caused by the use of insecure (http) transactions during login has been identified with early versions of the Isaac Mizrahi Smartwatch mobile app. HP has no access to customer data as a result of this issue.

A potential security vulnerability caused by the use of insecure (http) transactions during login has been identified with early versions of the Isaac Mizrahi Smartwatch mobile app. HP has no access to customer data as a result of this issue.

CVSS 3.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N).

Overview

Type

HP Isaac Mizrahi Smartwatch

First reported 6 years ago

2019-03-27 17:29:00

Last updated 6 years ago

2019-03-29 16:39:00

Affected Software

HP Isaac Mizrahi Smartwatch 1.0.2.10 for iPhone OS

1.0.2.10
iphone_os

HP Isaac Mizrahi Smartwatch 1.0.201601214 for Android

1.0.201601214
android

HP Isaac Mizrahi Smartwatch 1.2.2.12 for iPhone OS

1.2.2.12
iphone_os

HP Isaac Mizrahi Smartwatch 1.2.2016040820 for Android

1.2.2016040820
android

HP Isaac Mizrahi Smartwatch 1.3.7 for iPhone OS

1.3.7
iphone_os

HP Isaac Mizrahi Smartwatch 1.3.2016052319 for Android

1.3.2016052319
android

HP Isaac Mizrahi Smartwatch 1.4.8 for iPhone OS

1.4.8
iphone_os

HP Isaac Mizrahi Smartwatch 1.4.2016072601 for Android

1.4.2016072601
android

References

https://support.hp.com/us-en/document/c05976868

Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.