ID

VAR-201906-0973


CVE

CVE-2019-11334


TITLE

Authentication vulnerability in the Tzumi Electronics Klic Lock application for mobile devices and Klic Smart Padlock Model 5686 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2019-005400

DESCRIPTION

An authentication bypass in website post requests in the Tzumi Electronics Klic Lock application 1.0.9 for mobile devices allows attackers to access resources (that are not otherwise accessible without proper authentication) via capture-replay. Physically proximate attackers can use this information to unlock unauthorized Tzumi Electronics Klic Smart Padlock Model 5686 Firmware 6.2. This vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products.

Trust: 1.8

sources: NVD: CVE-2019-11334 // JVNDB: JVNDB-2019-005400 // VULHUB: VHN-142970 // VULMON: CVE-2019-11334

AFFECTED PRODUCTS

vendor: tzumi, model: klic lock, scope: eq, version: 1.0.9

Trust: 1.9

vendor: tzumi, model: klic smart padlock model 5686, scope: eq, version: 6.2

Trust: 1.9

sources: VULMON: CVE-2019-11334 // JVNDB: JVNDB-2019-005400 // NVD: CVE-2019-11334

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-11334
value: LOW

Trust: 1.0

NVD: CVE-2019-11334
value: LOW

Trust: 0.8

CNNVD: CNNVD-201906-389
value: LOW

Trust: 0.6

VULHUB: VHN-142970
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-11334
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2019-11334
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-142970
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2019-11334
baseSeverity: LOW
baseScore: 3.7
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2019-11334
baseSeverity: LOW
baseScore: 3.7
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-142970 // VULMON: CVE-2019-11334 // JVNDB: JVNDB-2019-005400 // CNNVD: CNNVD-201906-389 // NVD: CVE-2019-11334

PROBLEMTYPE DATA

problemtype:CWE-294

Trust: 1.1

problemtype:CWE-287

Trust: 0.9

sources: VULHUB: VHN-142970 // JVNDB: JVNDB-2019-005400 // NVD: CVE-2019-11334

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-389

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201906-389

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005400

PATCH

title: Top Page, url: https://tzumi.com

Trust: 0.8

title: KlicUnLock, url: https://github.com/whitehatdefenses/KlicUnLock

Trust: 0.1

title: ownklok, url: https://github.com/fierceoj/ownklok

Trust: 0.1

sources: VULMON: CVE-2019-11334 // JVNDB: JVNDB-2019-005400

EXTERNAL IDS

db: PACKETSTORM, id: 153280

Trust: 2.6

db: NVD, id: CVE-2019-11334

Trust: 2.6

db: JVNDB, id: JVNDB-2019-005400

Trust: 0.8

db: CNNVD, id: CNNVD-201906-389

Trust: 0.7

db: VULHUB, id: VHN-142970

Trust: 0.1

db: VULMON, id: CVE-2019-11334

Trust: 0.1

sources: VULHUB: VHN-142970 // VULMON: CVE-2019-11334 // JVNDB: JVNDB-2019-005400 // CNNVD: CNNVD-201906-389 // NVD: CVE-2019-11334

REFERENCES

url:http://packetstormsecurity.com/files/153280/tzumi-electronics-klic-lock-authentication-bypass.html

Trust: 3.2

url:https://github.com/whitehatdefenses/klicunlock

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2019-11334

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11334

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/287.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/162649

Trust: 0.1

sources: VULHUB: VHN-142970 // VULMON: CVE-2019-11334 // JVNDB: JVNDB-2019-005400 // CNNVD: CNNVD-201906-389 // NVD: CVE-2019-11334

SOURCES

db: VULHUB, id: VHN-142970
db: VULMON, id: CVE-2019-11334
db: JVNDB, id: JVNDB-2019-005400
db: CNNVD, id: CNNVD-201906-389
db: NVD, id: CVE-2019-11334

LAST UPDATE DATE

2024-11-23T21:37:12.376000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-142970, date: 2020-08-24T00:00:00
db: VULMON, id: CVE-2019-11334, date: 2020-08-24T00:00:00
db: JVNDB, id: JVNDB-2019-005400, date: 2019-06-19T00:00:00
db: CNNVD, id: CNNVD-201906-389, date: 2020-08-25T00:00:00
db: NVD, id: CVE-2019-11334, date: 2024-11-21T04:20:54.320

SOURCES RELEASE DATE

db: VULHUB, id: VHN-142970, date: 2019-06-11T00:00:00
db: VULMON, id: CVE-2019-11334, date: 2019-06-11T00:00:00
db: JVNDB, id: JVNDB-2019-005400, date: 2019-06-19T00:00:00
db: CNNVD, id: CNNVD-201906-389, date: 2019-06-11T00:00:00
db: NVD, id: CVE-2019-11334, date: 2019-06-11T18:29:00.957