{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-28275", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T00:48:49.669Z", "dateReserved": "2024-03-08T00:00:00.000Z", "datePublished": "2024-04-03T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-04-03T14:55:46.218Z"}, "descriptions": [{"lang": "en", "value": "Puwell Cloud Tech Co, Ltd 360Eyes Pro v3.9.5.16(3090516) was discovered to transmit sensitive information in cleartext. This vulnerability allows attackers to intercept and access sensitive information, including users' credentials and password change requests."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://paste.sr.ht/~edaigle/0b4a037fbd3166c8c72fee18efaa7decaf75b0ab"}, {"url": "https://paste.sr.ht/~edaigle/c9637d682b65e6501efb1324bba7787a2f775ff4"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-319", "lang": "en", "description": "CWE-319 Cleartext Transmission of Sensitive Information"}]}], "affected": [{"vendor": "puwellcloudtech", "product": "360eyes_pro", "cpes": ["cpe:2.3:a:puwellcloudtech:360eyes_pro:3.9.5.16:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "3.9.5.16", "status": "affected"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-07-16T20:05:08.726957Z", "id": "CVE-2024-28275", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-16T20:09:17.917Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:48:49.669Z"}, "title": "CVE Program Container", "references": [{"url": "https://paste.sr.ht/~edaigle/0b4a037fbd3166c8c72fee18efaa7decaf75b0ab", "tags": ["x_transferred"]}, {"url": "https://paste.sr.ht/~edaigle/c9637d682b65e6501efb1324bba7787a2f775ff4", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://paste.sr.ht/~edaigle/0b4a037fbd3166c8c72fee18efaa7decaf75b0ab", "tags": ["x_transferred"]}, {"url": "https://paste.sr.ht/~edaigle/c9637d682b65e6501efb1324bba7787a2f775ff4", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:48:49.669Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-28275", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-16T20:05:08.726957Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:puwellcloudtech:360eyes_pro:3.9.5.16:*:*:*:*:*:*:*"], "vendor": "puwellcloudtech", "product": "360eyes_pro", "versions": [{"status": "affected", "version": "3.9.5.16"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-319", "description": "CWE-319 Cleartext Transmission of Sensitive Information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-16T20:05:46.707Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://paste.sr.ht/~edaigle/0b4a037fbd3166c8c72fee18efaa7decaf75b0ab"}, {"url": "https://paste.sr.ht/~edaigle/c9637d682b65e6501efb1324bba7787a2f775ff4"}], "descriptions": [{"lang": "en", "value": "Puwell Cloud Tech Co, Ltd 360Eyes Pro v3.9.5.16(3090516) was discovered to transmit sensitive information in cleartext. This vulnerability allows attackers to intercept and access sensitive information, including users' credentials and password change requests."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-04-03T14:55:46.218Z"}}}, "cveMetadata": {"cveId": "CVE-2024-28275", "state": "PUBLISHED", "dateUpdated": "2024-08-02T00:48:49.669Z", "dateReserved": "2024-03-08T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-04-03T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Puwell Cloud Tech Co, Ltd 360Eyes Pro v3.9.5.16(3090516) was discovered to transmit sensitive information in cleartext. This vulnerability allows attackers to intercept and access sensitive information, including users' credentials and password change requests."}, {"lang": "es", "value": "Se descubri\u00f3 que Puwell Cloud Tech Co, Ltd 360Eyes Pro v3.9.5.16(3090516) transmite informaci\u00f3n confidencial en texto sin cifrar. Esta vulnerabilidad permite a los atacantes interceptar y acceder a informaci\u00f3n confidencial, incluidas las credenciales de los usuarios y las solicitudes de cambio de contrase\u00f1a."}], "id": "CVE-2024-28275", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-04-03T15:15:54.490", "references": [{"source": "cve@mitre.org", "url": "https://paste.sr.ht/~edaigle/0b4a037fbd3166c8c72fee18efaa7decaf75b0ab"}, {"source": "cve@mitre.org", "url": "https://paste.sr.ht/~edaigle/c9637d682b65e6501efb1324bba7787a2f775ff4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://paste.sr.ht/~edaigle/0b4a037fbd3166c8c72fee18efaa7decaf75b0ab"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://paste.sr.ht/~edaigle/c9637d682b65e6501efb1324bba7787a2f775ff4"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{}