CVE-2024-34897

CVE-2024-34897 is an API key disclosure vulnerability, classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor), affecting the Nedis SmartLife Android app version 1.4.0. The vulnerability was published on 2025-02-03 and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high severity due to its potential for significant confidentiality impact.

A remote attacker can exploit this vulnerability over the network with low attack complexity, requiring no authentication privileges, no user interaction, and without changing the scope of impact. Exploitation leads to high confidentiality consequences, enabling the disclosure of a sensitive API key from the affected app.

Mitigation guidance and additional details are available in vendor and research resources, including the Nedis website at http://nedis.com and a document from KTH Royal Institute of Technology at https://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-359419. Security practitioners should consult these for patching or workaround recommendations specific to the Nedis SmartLife app.