CVE-2019-5632

Опубликовано: 22 авг. 2019

Источник: nvd

CVSS3: 6.5

CVSS3: 5.5

CVSS2: 2.1

EPSS Низкий

Описание

An insecure storage of sensitive information vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC. The application's database was found to contain information that could be used to control the lock devices remotely. This issue affects Hickory Smart for Android, version 01.01.43 and prior versions.

Ссылки

https://blog.rapid7.com/2019/08/01/r7-2019-18-multiple-hickory-smart-lock-vulnerabilities/
Third Party Advisory
https://play.google.com/store/apps/details?id=com.belwith.hickorysmart&hl=en_US
Product
https://blog.rapid7.com/2019/08/01/r7-2019-18-multiple-hickory-smart-lock-vulnerabilities/
Third Party Advisory
https://play.google.com/store/apps/details?id=com.belwith.hickorysmart&hl=en_US
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:belwith-keeler:hickory_smart:*:*:*:*:*:android:*:*

Версия до 01.01.43 (включая)

EPSS

Процентиль: 18%

0.00058

Низкий

6.5 Medium

CVSS3

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-922

Связанные уязвимости

GHSA-xhfc-wp5r-c2r5

github

больше 3 лет назад

EPSS

Процентиль: 18%

0.00058

Низкий

6.5 Medium

CVSS3

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-922