CVE-2021-20732

Description

The ATOM (ATOM - Smart life App for Android versions prior to 1.8.1 and ATOM - Smart life App for iOS versions prior to 1.8.2) does not verify server certificate properly, which allows man-in-the-middle attackers to eavesdrop on encrypted communication via a crafted certificate.

Affected products

• ATOM tech Inc. / ATOMATOM - Smart life App for Android versions prior to 1.8.1 and ATOM - Smart life App for iOS versions prior to 1.8.2 – ATOM - Smart life App for Android versions prior to 1.8.1 and ATOM - Smart life App for iOS versions prior to 1.8.2

References

• MISChttps://www.atomtech.co.jp/news/news/2055/
• MISChttps://jvn.jp/en/jp/JVN64064138/index.html