Zoner : Security Vulnerabilities, CVEs,
The Zoner AntiVirus Free application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, as demonstrated by a server used for updating virus signature files.
Max CVSS
4.3
EPSS Score
0.12%
Published
2012-10-24
Updated
2021-11-22
1 vulnerabilities found