Vulnerability Details : CVE-2019-5632
An insecure storage of sensitive information vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC. The application's database was found to contain information that could be used to control the lock devices remotely. This issue affects Hickory Smart for Android, version 01.01.43 and prior versions.
Products affected by CVE-2019-5632
- cpe:2.3:a:belwith-keeler:hickory_smart:*:*:*:*:*:android:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-5632
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 10 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-5632
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
3.9
|
2.9
|
NIST | |
6.5
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |
2.0
|
4.0
|
cve@rapid7.con | |
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2019-5632
-
The product stores sensitive information without properly limiting read or write access by unauthorized actors.Assigned by:
- cve@rapid7.con (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2019-5632
-
https://play.google.com/store/apps/details?id=com.belwith.hickorysmart&hl=en_US
Hickory Smart - Apps on Google PlayProduct
-
https://blog.rapid7.com/2019/08/01/r7-2019-18-multiple-hickory-smart-lock-vulnerabilities/
IoT Security: Hickory Smart Lock Vulnerability Disclosure DetailsThird Party Advisory
Jump to