CVE-2019-11334

Опубликовано: 11 июн. 2019

Источник: nvd

CVSS3: 3.7

CVSS2: 4.3

EPSS Низкий

Описание

An authentication bypass in website post requests in the Tzumi Electronics Klic Lock application 1.0.9 for mobile devices allows attackers to access resources (that are not otherwise accessible without proper authentication) via capture-replay. Physically proximate attackers can use this information to unlock unauthorized Tzumi Electronics Klic Smart Padlock Model 5686 Firmware 6.2.

Ссылки

http://packetstormsecurity.com/files/153280/Tzumi-Electronics-Klic-Lock-Authentication-Bypass.html
Exploit
Third Party Advisory
VDB Entry
https://github.com/whitehatdefenses/KlicUnLock
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/153280/Tzumi-Electronics-Klic-Lock-Authentication-Bypass.html
Exploit
Third Party Advisory
VDB Entry
https://github.com/whitehatdefenses/KlicUnLock
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tzumi:klic_lock:1.0.9:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:tzumi:klic_smart_padlock_model_5686_firmware:6.2:*:*:*:*:*:*:*

cpe:2.3:h:tzumi:klic_smart_padlock_model_5686:-:*:*:*:*:*:*:*

EPSS

Процентиль: 38%

0.00162

Низкий

3.7 Low

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-294

Связанные уязвимости

GHSA-cxfm-8p22-p9qx