CVE-2017-17763

EUVD-2017-8914
SuperBeam through 4.1.3, when using the LAN or WiFi Direct Share feature, does not use HTTPS or any integrity-protection mechanism for file transfer, which makes it easier for remote attackers to send crafted files, as demonstrated by APK injection.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 71%
Affected Products (NVD)
VendorProductVersion
liveqossuperbeam
𝑥
≤ 4.1.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://thinktanksec.github.io/
https://thinktanksec.github.io/