CVE-2019-5635

EPSS 0.04%
Veröffentlicht 22.08.2019 14:15:13
Zuletzt bearbeitet 21.11.2024 04:45:16
Quelle cve@rapid7.com
CVE-Watchlists
Login
Unerledigt
Login

A cleartext transmission of sensitive information vulnerability is present in Hickory Smart Ethernet Bridge from Belwith Products, LLC. Captured data reveals that the Hickory Smart Ethernet Bridge device communicates over the network to an MQTT broker without using encryption. This exposed the default username and password used to authenticate to the MQTT broker. This issue affects Hickory Smart Ethernet Bridge, model number H077646. The firmware does not appear to contain versioning information.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Belwith-keeler ≫ Hickory Smart Ethernet Bridge Firmware Version-

Belwith-keeler ≫ Hickory Smart Ethernet Bridge Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.089

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
cve@rapid7.com	6.5	2	4	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

https://blog.rapid7.com/2019/08/01/r7-2019-18-multiple-hickory-smart-lock-vulnerabilities/

Third Party Advisory

https://hickoryhardware.com/products/hickory-smart-ethernet-bridge?variant=20882150228086

Product

https://nvd.nist.gov/vuln/detail/CVE-2019-5635

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-5635

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-5635

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2019-5635