WTW-EAGLE App Improper Certificate Validation Vulnerability Allowing Man-in-the-Middle Attacks

Vulnerability

A vulnerability exists in the WTW-EAGLE App for iOS and Android, developed by Wireless Tsukamoto Co., Ltd., prior to versions 4.4.1 for iOS and 4.4.0.10 for Android. The issue stems from improper validation of server certificates, which could enable a man-in-the-middle attacker to intercept and monitor encrypted traffic between the app and the server.

Impact

Exploitation of this vulnerability could allow a man-in-the-middle attacker to monitor and potentially manipulate encrypted communications, undermining the confidentiality and integrity of the data being transmitted.

Remediation

Users are advised to update the WTW-EAGLE App to the latest version available on the Apple App Store or Google Play Store.

Added: Sep 12, 2025, 6:24 AM

Updated: Sep 12, 2025, 6:24 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

4.2

remediation

7.7

relevance

0.5

threat

0.0

urgency

2.9

WTW-EAGLE App Improper Certificate Validation Vulnerability Allowing Man-in-the-Middle Attacks

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating