PT-2019-12246 · Tzumi Electronics · Klic Lock+1
Kerry Enfinger · Published 2019-06-11 · Updated 2023-03-24 · CVE-2019-11334
| CVSS v2.0 | 4.3 (Medium) |
| Vector | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Tzumi Electronics Klic Lock application version 1.0.9
Tzumi Electronics Klic Smart Padlock Model 5686 Firmware 6.2
Description
The issue allows attackers to bypass authentication in website POST requests, giving them access to resources that would otherwise require proper authentication. Physically proximate attackers can achieve this through capture-replay, potentially leading to unauthorized access to the Tzumi Electronics Klic Smart Padlock.
Recommendations
For Tzumi Electronics Klic Lock application version 1.0.9, update the application to a version that addresses the authentication bypass issue.
For Tzumi Electronics Klic Smart Padlock Model 5686 Firmware 6.2, update the firmware to a version that resolves the vulnerability.
Affected Products
Klic Lock
Klic Smart Padlock