First published: Tue Jun 11 2019
An authentication bypass in website post requests in the Tzumi Electronics Klic Lock application 1.0.9 for mobile devices allows attackers to access resources (that are not otherwise accessible without proper authentication) via capture-replay. Physically proximate attackers can use this information to unlock unauthorized Tzumi Electronics Klic Smart Padlock Model 5686 Firmware 6.2.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Tzumi Klic Lock | =1.0.9 | |
Tzumi Klic Smart Padlock Model 5686 Firmware | =6.2 | |
Tzumi Klic Smart Padlock Model 5686 | | |
CVE-2019-11334 is an authentication bypass vulnerability in the Tzumi Electronics Klic Lock application 1.0.9.
CVE-2019-11334 allows attackers to access resources that are not otherwise accessible without proper authentication via capture-replay.
CVE-2019-11334 has a severity level of medium, with a CVSS score of 3.7.
There is currently no known fix or patch available for CVE-2019-11334. It is recommended to follow the vendor's advisories for any updates or mitigation steps.
You can find more information about CVE-2019-11334 in the following references: [Packet Storm Security](http://packetstormsecurity.com/files/153280/Tzumi-Electronics-Klic-Lock-Authentication-Bypass.html) and [GitHub](https://github.com/whitehatdefenses/KlicUnLock).