CVE-2019-5634

EPSS 0.05%
Veröffentlicht 22.08.2019 14:15:13
Zuletzt bearbeitet 21.11.2024 04:45:16
Quelle cve@rapid7.com
CVE-Watchlists
Login
Unerledigt
Login

An inclusion of sensitive information in log files vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC. Communications to the internet API services and direct connections to the lock via Bluetooth Low Energy (BLE) from the mobile application are logged in a debug log on the Android device at HickorySmartLog/Logs/SRDeviceLog.txt. This information was found stored in the Android device's default USB or SDcard storage paths and is accessible without rooting the device. This issue affects Hickory Smart for Android, version 01.01.43 and prior versions.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Belwith-keeler ≫ Hickory Smart SwPlatformandroid Version <= 01.01.43

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.13

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	0.7	3.6	CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N
cve@rapid7.com	6.5	2	4	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

https://blog.rapid7.com/2019/08/01/r7-2019-18-multiple-hickory-smart-lock-vulnerabilities/

Third Party Advisory

https://play.google.com/store/apps/details?id=com.belwith.hickorysmart&hl=en_US

Product

https://nvd.nist.gov/vuln/detail/CVE-2019-5634

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-5634

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-5634

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2019-5634