CPE matches: cpe:2.3:a:bandh:b\&h_photo_video_pro_audio:2.5.1:*:*:*:*:android:*:*
The B&H Photo Video Pro Audio (aka com.bhphoto) application 2.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
- Limited modification of data and/or system files.
- Limited access to information.
- Reduced performance (partial DoS).
- The attack requires proximity to the victim's network (adjacent network access) and can be carried out by anyone (no authentication required).
- User interaction is required for the attack.
Damage and attack conditions are derived from the CVSSv2 vector AV:A/AC:M/Au:N/C:P/I:P/A:P.