CVE-2015-4080 : The Kankun Smart Socket device and mobile application uses a hardcoded AES 256 b

The Kankun Smart Socket device and mobile application uses a hardcoded AES 256 bit key, which makes it easier for remote attackers to (1) obtain sensitive information by sniffing the network and (2) obtain access to the device by encrypting messages.

Published 2015-06-09 14:59:06

Updated 2025-04-12 10:46:41

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2015-4080

Kankun » Smartsocket
cpe:2.3:h:kankun:smartsocket:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-4080

EPSS FAQ

0.67%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 70 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-4080

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2015-4080

CWE-310

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-4080

http://www.securityfocus.com/bid/75057

Kankun Smart Socket CVE-2015-4080 Local Security Bypass Vulnerability
http://www.securityfocus.com/archive/1/535702/100/0/threaded

SecurityFocus
http://packetstormsecurity.com/files/132210/Kankun-Smart-Socket-Mobile-App-Hardcoded-AES-Key.html

Kankun Smart Socket / Mobile App Hardcoded AES Key ≈ Packet Storm
https://plus.google.com/109112844319840106704/posts

Inloggen - Google Accounts

Jump to

Vulnerability Details : CVE-2015-4080

Products affected by CVE-2015-4080

Exploit prediction scoring system (EPSS) score for CVE-2015-4080

CVSS scores for CVE-2015-4080

CWE ids for CVE-2015-4080

References for CVE-2015-4080