Sign-up

ID

VAR-201908-0092


CVE

CVE-2019-5635


TITLE

Belwith Products, LLC Hickory Smart Ethernet Bridge Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2019-008528

DESCRIPTION

A cleartext transmission of sensitive information vulnerability is present in Hickory Smart Ethernet Bridge from Belwith Products, LLC. Captured data reveals that the Hickory Smart Ethernet Bridge device communicates over the network to an MQTT broker without using encryption. This exposed the default username and password used to authenticate to the MQTT broker. This issue affects Hickory Smart Ethernet Bridge, model number H077646. The firmware does not appear to contain versioning information

Trust: 2.25

sources: NVD: CVE-2019-5635 // JVNDB: JVNDB-2019-008528 // CNVD: CNVD-2019-33586 // VULHUB: VHN-157070

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-33586

AFFECTED PRODUCTS

vendor:belwith keelermodel:hickory smart ethernet bridgescope:eqversion: -

Trust: 1.0

vendor:belwith productsmodel:hickory smart ethernet bridgescope: - version: -

Trust: 0.8

vendor:belwith keelermodel:hickory smart ethernet bridge h077646scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2019-33586 // JVNDB: JVNDB-2019-008528 // NVD: CVE-2019-5635

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5635
value: HIGH

Trust: 1.0

cve@rapid7.com: CVE-2019-5635
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-5635
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-33586
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201908-1813
value: HIGH

Trust: 0.6

VULHUB: VHN-157070
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-5635
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-33586
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-157070
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-5635
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

cve@rapid7.com: CVE-2019-5635
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.0
impactScore: 4.0
version: 3.0

Trust: 1.0

NVD: CVE-2019-5635
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-33586 // VULHUB: VHN-157070 // JVNDB: JVNDB-2019-008528 // CNNVD: CNNVD-201908-1813 // NVD: CVE-2019-5635 // NVD: CVE-2019-5635

PROBLEMTYPE DATA

problemtype:CWE-319

Trust: 1.1

problemtype:CWE-200

Trust: 0.9

sources: VULHUB: VHN-157070 // JVNDB: JVNDB-2019-008528 // NVD: CVE-2019-5635

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-1813

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201908-1813

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-008528

PATCH
title:Top Pageurl:http://www.hickoryhardware.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-008528

EXTERNAL IDS
db:NVDid:CVE-2019-5635
Trust: 3.1
db:JVNDBid:JVNDB-2019-008528
Trust: 0.8
db:CNVDid:CNVD-2019-33586
Trust: 0.6
db:CNNVDid:CNNVD-201908-1813
Trust: 0.6
db:VULHUBid:VHN-157070
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-33586 // 
            
            
            
            VULHUB: VHN-157070 // 
            
            
            
            JVNDB: JVNDB-2019-008528 // 
            
            
            
            CNNVD: CNNVD-201908-1813 // 
            
            
            
            NVD: CVE-2019-5635

REFERENCES
url:https://blog.rapid7.com/2019/08/01/r7-2019-18-multiple-hickory-smart-lock-vulnerabilities/
Trust: 2.5
url:https://hickoryhardware.com/products/hickory-smart-ethernet-bridge?variant=20882150228086
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-5635
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5635
Trust: 0.8
url:https://www.freebuf.com/vuls/211095.html
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-33586 // 
            
            
            
            VULHUB: VHN-157070 // 
            
            
            
            JVNDB: JVNDB-2019-008528 // 
            
            
            
            CNNVD: CNNVD-201908-1813 // 
            
            
            
            NVD: CVE-2019-5635

SOURCES
db:CNVDid:CNVD-2019-33586
db:VULHUBid:VHN-157070
db:JVNDBid:JVNDB-2019-008528
db:CNNVDid:CNNVD-201908-1813
db:NVDid:CVE-2019-5635

LAST UPDATE DATE
2024-11-23T22:48:20.728000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-33586date:2019-09-29T00:00:00
db:VULHUBid:VHN-157070date:2020-10-16T00:00:00
db:JVNDBid:JVNDB-2019-008528date:2019-09-03T00:00:00
db:CNNVDid:CNNVD-201908-1813date:2020-10-19T00:00:00
db:NVDid:CVE-2019-5635date:2024-11-21T04:45:16.780

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-33586date:2019-09-29T00:00:00
db:VULHUBid:VHN-157070date:2019-08-22T00:00:00
db:JVNDBid:JVNDB-2019-008528date:2019-09-03T00:00:00
db:CNNVDid:CNNVD-201908-1813date:2019-08-22T00:00:00
db:NVDid:CVE-2019-5635date:2019-08-22T14:15:13.680