Rico só vantagem pra investir App br.com.rico.mobile SegmentSettingsModule.java hard-coded key

4.8 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Description

A vulnerability has been found in Rico só vantagem pra investir App up to 4.58.32.12421 on Android. This issue affects some unknown processing of the file br/com/rico/mobile/di/SegmentSettingsModule.java of the component br.com.rico.mobile. Such manipulation of the argument SEGMENT_WRITE_KEY leads to use of hard-coded cryptographic key
. The attack can only be performed from a local environment. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2026-5453

Source VulDB

Published Apr 3, 2026 at 04:30

Modified Apr 3, 2026 at 11:20

Affected Product

Vendor Rico

Product só vantagem pra investir App

Version 4.58.32.12421

Affected Versions Rico só vantagem pra investir App 4.58.32.12421

CWE Classification

CWE-321 CWE-320

References

{
    "lastseen": "",
    "description": "A vulnerability has been found in Rico s\u00f3 vantagem pra investir App up to 4.58.32.12421 on Android. This issue affects some unknown processing of the file br/com/rico/mobile/di/SegmentSettingsModule.java of the component br.com.rico.mobile. Such manipulation of the argument SEGMENT_WRITE_KEY leads to use of hard-coded cryptographic key\r . The attack can only be performed from a local environment. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2026-04-03T04:30:11.575Z",
    "modified": "2026-04-03T11:20:13.272Z",
    "type": "cve",
    "title": "Rico s\u00f3 vantagem pra investir App br.com.rico.mobile SegmentSettingsModule.java hard-coded key",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/355041\nhttps://vuldb.com/vuln/355041/cti\nhttps://vuldb.com/submit/781758\nhttps://www.notion.so/Segment-Write-Key-Exposure-Leading-to-Data-Injection-and-User-Profile-Manipulation-In-br-com-rico-mo-3262de3f97fb800a9bfef6e6fd7d7179?source=copy_link",
    "id": "CVE-2026-5453",
    "bulletinFamily": "",
    "cwe": [
        "CWE-321",
        "CWE-320"
    ],
    "cvelist": null,
    "sourceData": "Rico s\u00f3 vantagem pra investir App 4.58.32.12421",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "s\u00f3 vantagem pra investir App",
    "version": "4.58.32.12421",
    "vendor": "Rico",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Rico só vantagem pra investir App br.com.rico.mobile SegmentSettingsModule.java hard-coded key_CVE-2026-5453