aaravavi/TVS-Connect-Application-VAPT

Releases0

This repository contains a detailed list of all the vulnerabilities, found accorss the TVS Connect mobile application by the security team at FEV LTD.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-35537 ↗	Jun 21, 2024Friday, 21 June 2024, 17:15	7.5 HIGH	—
TVS Motor Company Limited TVS Connect Android v4.6.0 and IOS v5.0.0 was discovered to insecurely handle the RSA key pair, allowing attackers to possibly access sensitive information via decryption.
CVE-2024-33308 ↗	Apr 30, 2024Tuesday, 30 April 2024, 15:15	9.1 CRITICAL	—
An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to escalate privileges via the Emergency Contact Feature. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence repository.
CVE-2024-33309 ↗	Apr 30, 2024Tuesday, 30 April 2024, 15:15	7.5 HIGH	—
An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to obtain sensitive information via an insecure API endpoint. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence repository.