CSC Pay Mobile App Payment Authentication Bypass Vulnerability
Vulnerability
A payment authentication bypass vulnerability exists in the CSC Pay Mobile App version 2.19.4: a user who disables Bluetooth during a transaction can bypass payment authorization. This could lead to unauthorized use of laundry services without payment. The vulnerability has been fixed in version 2.20.0.
Impact
Exploitation of this vulnerability allows users to use laundry services without payment, potentially leading to financial loss for the service provider.
Reproduction
To reproduce this vulnerability, initiate a payment through the CSC Pay Mobile App by scanning the QR code on a laundry machine. Before the app completes the Bluetooth authentication and processes the payment, disable Bluetooth. The laundry machine will start the cycle without charging for the service.
Remediation
Users can update to CSC Pay Mobile App version 2.20.0 to address this vulnerability.
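The failure class behind this advisory is a session that fails open: the loss of the Bluetooth link before payment is confirmed is treated like a completed handshake, and the cycle starts anyway. The Python model below is an added example, not CSC Pay's code or protocol; the event names, the Session fields and the fail_open / fail_closed / unpaid_cycles functions are constructed here to show the vulnerable behaviour beside a fail-closed version, plus a log-side check a service provider could run to spot cycles that started without a recorded payment.

```python
from dataclasses import dataclass
from enum import Enum, auto
from typing import Callable, Iterable, List


class Event(Enum):
    """Events a machine session can observe (constructed model, not CSC Pay's protocol)."""
    QR_SCANNED = auto()
    BLE_CONNECTED = auto()
    PAYMENT_CONFIRMED = auto()  # authorization acknowledged by the payment backend
    BLE_DROPPED = auto()        # link lost, e.g. the user turned Bluetooth off


@dataclass
class Session:
    """Final state of one laundry session (hypothetical fields)."""
    session_id: str
    paid: bool = False
    cycle_started: bool = False
    aborted: bool = False


def run(handler: Callable[[Session, Event], None], session_id: str,
        events: Iterable[Event]) -> Session:
    """Drive one session through the given handler and return its final state."""
    session = Session(session_id)
    for event in events:
        if session.cycle_started or session.aborted:
            break  # session already finished, later events are ignored
        handler(session, event)
    return session


def fail_open(session: Session, event: Event) -> None:
    """Vulnerable model: the end of the Bluetooth handshake, however it ends,
    is taken as permission to start the cycle."""
    if event is Event.PAYMENT_CONFIRMED:
        session.paid = True
        session.cycle_started = True
    elif event is Event.BLE_DROPPED:
        # Defect: a dropped link is handled like a completed handshake,
        # so the start command goes out without any payment confirmation.
        session.cycle_started = True


def fail_closed(session: Session, event: Event) -> None:
    """Hardened model: only an explicit payment confirmation starts the cycle;
    losing the link before that point aborts the session instead."""
    if event is Event.PAYMENT_CONFIRMED:
        session.paid = True
        session.cycle_started = True
    elif event is Event.BLE_DROPPED:
        session.aborted = True


def unpaid_cycles(sessions: Iterable[Session]) -> List[str]:
    """Detection check over finished sessions: any cycle that started
    without a recorded payment confirmation is flagged for review."""
    return [s.session_id for s in sessions if s.cycle_started and not s.paid]


# Constructed event sequences: a normal purchase and a link drop before payment
NORMAL = [Event.QR_SCANNED, Event.BLE_CONNECTED, Event.PAYMENT_CONFIRMED]
LINK_DROPPED = [Event.QR_SCANNED, Event.BLE_CONNECTED, Event.BLE_DROPPED]


if __name__ == "__main__":
    vulnerable = [run(fail_open, "s1", NORMAL), run(fail_open, "s2", LINK_DROPPED)]
    hardened = [run(fail_closed, "s3", NORMAL), run(fail_closed, "s4", LINK_DROPPED)]
    print("fail-open unpaid cycles:", unpaid_cycles(vulnerable))   # ['s2']
    print("fail-closed unpaid cycles:", unpaid_cycles(hardened))   # []
```

The design point is that the decision to start the cycle must be tied to a positive signal (a payment confirmation) rather than to the absence of further messages; a connection drop is then an abort, not a completion. The unpaid_cycles check is the kind of reconciliation a provider can run over machine and payment records to detect this class of bypass independently of the app version in use.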
