CVE-2019-11334
LOW 3.7
Description
An authentication bypass in website post requests in the Tzumi Electronics Klic Lock application 1.0.9 for mobile devices allows attackers to access resources (that are not otherwise accessible without proper authentication) via capture-replay. Physically proximate attackers can use this information to unlock unauthorized Tzumi Electronics Klic Smart Padlock Model 5686 Firmware 6.2.
CVE Details
CVSS v3.1 Score: 3.7
Severity: LOW
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector: NETWORK
Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Published: 6/11/2019
Last Modified: 11/21/2024
Source: nvd
Honeypot Sightings: 0
Affected Products
tzumi:klic_lock
tzumi:klic_smart_padlock_model_5686
tzumi:klic_smart_padlock_model_5686_firmware
Weaknesses (CWE)
CWE-294
References
http://packetstormsecurity.com/files/153280/Tzumi-Electronics-Klic-Lock-Authentication-Bypass.html (cve@mitre.org)
https://github.com/whitehatdefenses/KlicUnLock (cve@mitre.org)
http://packetstormsecurity.com/files/153280/Tzumi-Electronics-Klic-Lock-Authentication-Bypass.html (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/whitehatdefenses/KlicUnLock (af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.