CVE-2019-11334

Name of the Vulnerable Software and Affected Versions Tzumi Electronics Klic Lock application version 1.0.9 Tzumi Electronics Klic Smart Padlock Model 5686 Firmware 6.2

Description The issue allows attackers to bypass authentication in website post requests, enabling them to access resources that would otherwise require proper authentication. This can be achieved through capture-replay by physically proximate attackers, potentially leading to unauthorized access to the Tzumi Electronics Klic Smart Padlock.

Recommendations For Tzumi Electronics Klic Lock application version 1.0.9, update the application to a version that addresses the authentication bypass issue. For Tzumi Electronics Klic Smart Padlock Model 5686 Firmware 6.2, update the firmware to a version that resolves the vulnerability.