AirDroid prior to 1.0.7 beta uses a cleartext base64 format for data transfer that is documented as an "Encrypted Transmission" feature, which allows remote malicious users to obtain sensitive information by sniffing the local wireless network, as demonstrated by the SMS message content sent to the sdctl/sms/send/single/ URI.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
airdroid airdroid 1.0.5 |
||
airdroid airdroid 1.0.3 |
||
airdroid airdroid |
||
airdroid airdroid 1.0.4 |
||
airdroid airdroid 1.0.2 |
||
airdroid airdroid 1.0.1 |