5.3

CVE-2020-8792

Exploit

EPSS 0.23%
Veröffentlicht 04.05.2020 14:15:13
Zuletzt bearbeitet 21.11.2024 05:39:26
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) has an information-exposure issue. In the mobile app, an attempt to add an already-bound lock by its barcode reveals the email address of the account to which the lock is bound, as well as the name of the lock. Valid barcode inputs can be easily guessed because barcode strings follow a predictable pattern. Correctly guessed valid barcode inputs entered through the app interface disclose arbitrary users' email addresses and lock names.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Oklok Project ≫ Oklok Version3.1.1 SwPlatformiphone_os

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.23%	0.431

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-330 Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

https://github.com/fierceoj/ownklok

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2020-8792

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-8792

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-8792

EUVD