Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2019-11334

Published: 11/06/2019 Updated: 24/03/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 3.7 | Impact Score: 1.4 | Exploitability Score: 2.2
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Subscribe to Tzumi

Vulnerability Summary

An authentication bypass in website post requests in the Tzumi Electronics Klic Lock application 1.0.9 for mobile devices allows malicious users to access resources (that are not otherwise accessible without proper authentication) via capture-replay. Physically proximate attackers can use this information to unlock unauthorized Tzumi Electronics Klic Smart Padlock Model 5686 Firmware 6.2.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

tzumi klic lock 1.0.9

tzumi klic_smart_padlock_model_5686_firmware 6.2

Exploits

Exploit DB: Tzumi Electronics Klic Lock Authentication Bypass
Tzumi Electronics Klic Lock version 109 allows for attackers to access resources via capture-replay ...

Github Repositories

https://github.com/whitehatdefenses/KlicUnLock

KlicUnLock A Python program to unlock any Tzumi Klic smart padlock! · Report Bug · Request Feature About The Project [] An authentication bypass in website post requests in the Tzumi Electronics Klic Lock application 109 for mobile devices allows attackers to access resources (that are not otherwise accessible without proper

https://github.com/mitchfay/NokeUnlock

Authentication bypass for NokeLock and rebranded products

NokeLock KlicUnLock Currently under construction This will be a revision change for Nokelock Credit to White Hat Defenses CVE-2019-11334 effects NokeUnlock products Built With Major frameworks used in the project Python bluepy pycrypto Prerequisites The program requires a Linux operating system with bluepy and pycrypto installed See respective links

References

CWE-294https://github.com/whitehatdefenses/KlicUnLockhttp://packetstormsecurity.com/files/153280/Tzumi-Electronics-Klic-Lock-Authentication-Bypass.htmlhttps://nvd.nist.govhttps://github.com/whitehatdefenses/KlicUnLockhttps://github.com/mitchfay/NokeUnlockhttps://packetstormsecurity.com/files/153280/Tzumi-Electronics-Klic-Lock-Authentication-Bypass.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
hard-codedCVE-2024-27202NULL pointer dereferenceCVE-2024-28075CVE-2024-33608CVE-2024-28889CVE-2024-34572template injectionCVE-2024-34351
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook