Skip to main content

Veryfitpro

2 CVEs product

Monthly

CVE-2021-36460 HIGH POC This Week

VeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the account's password locally on the device and uses the hash to authenticate in all communication with the backend API, including login, registration. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Veryfitpro
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-32612 HIGH POC This Week

The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android does all communication with the backend API over cleartext HTTP. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Google Information Disclosure Veryfitpro
NVD
CVSS 3.1
8.1
EPSS
1.1%
EPSS 0% CVSS 7.8
HIGH POC This Week

VeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the account's password locally on the device and uses the hash to authenticate in all communication with the backend API, including login, registration. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Veryfitpro
NVD GitHub VulDB
EPSS 1% CVSS 8.1
HIGH POC This Week

The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android does all communication with the backend API over cleartext HTTP. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Google Information Disclosure Veryfitpro
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy