CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-11334

An authentication bypass in website post requests in the Tzumi Electronics Klic Lock application 1.0.9 for mobile devices allows attackers to access resources (that are not otherwise accessible without proper authentication) via capture-replay. Physically proximate attackers can use this information to unlock unauthorized Tzumi Electronics Klic Smart Padlock Model 5686 Firmware 6.2.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 37.7%

CVSS Severity

CVSS v3 Score 3.7

CVSS v2 Score 4.3

References

http://packetstormsecurity.com/files/153280/Tzumi-Electronics-Klic-Lock-Authentication-Bypass.html
https://github.com/whitehatdefenses/KlicUnLock
http://packetstormsecurity.com/files/153280/Tzumi-Electronics-Klic-Lock-Authentication-Bypass.html
https://github.com/whitehatdefenses/KlicUnLock

Products affected by CVE-2019-11334

Tzumi » Klic Lock » Version: 1.0.9

cpe:2.3:a:tzumi:klic_lock:1.0.9
Tzumi » Klic Smart Padlock Model 5686 » Version: N/A

cpe:2.3:h:tzumi:klic_smart_padlock_model_5686:-
Tzumi » Klic Smart Padlock Model 5686 Firmware » Version: 6.2

cpe:2.3:o:tzumi:klic_smart_padlock_model_5686_firmware:6.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-11334

Products

Pricing

Contact Us