OR
     *cpe:2.3:a:63moons:aero:*:*:*:*:*:*:*:* versions up to (excluding) 120820241550
     *cpe:2.3:a:63moons:wave_2.0:*:*:*:*:*:*:*:* versions up to (excluding) 1.1.7

NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

NIST NVD-CWE-Other

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0332 No Types Assigned

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0332 Third Party Advisory

Indian Computer Emergency Response Team (CERT-In) CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Indian Computer Emergency Response Team (CERT-In) CWE-807

This vulnerability exists in Aero due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by intercepting and manipulating the responses exchanged during the second factor authentication process.  

Successful exploitation of this vulnerability could allow the attacker to bypass OTP verification for accessing other user accounts.

Indian Computer Emergency Response Team (CERT-In) https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0332 [No types assigned]