PT-2019-10394 · Applock · Applock
Andrew Tierney
·
Publicado
2019-08-07
·
Atualizado
2019-08-15
·
CVE-2018-20958
CVSS v3.1
6.5
Média
| Vetor | AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Tapplock devices versions prior to 2018-06-12
Description
The issue concerns the Bluetooth Low Energy (BLE) subsystem, which relies on
Key1 and SerialNo for unlock operations. However, these are derived from the MAC address, which is broadcasted by the device.Recommendations
For versions prior to 2018-06-12, consider restricting access to the BLE subsystem until a fix is available. As a temporary workaround, avoid using the BLE unlock feature to minimize the risk of exploitation.
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Applock