CVE-2019-5635

Published: Aug 22, 2019

Modified: Sep 16, 2024

PUBLISHED

CVSS v3.0

6.5

MEDIUM

Description

A cleartext transmission of sensitive information vulnerability is present in Hickory Smart Ethernet Bridge from Belwith Products, LLC. Captured data reveals that the Hickory Smart Ethernet Bridge device communicates over the network to an MQTT broker without using encryption. This exposed the default username and password used to authenticate to the MQTT broker. This issue affects Hickory Smart Ethernet Bridge, model number H077646. The firmware does not appear to contain versioning information.

Vendor	Product	Versions
Belwith Products, LLC	Hickory Smart Ethernet Bridge	affected `unspecified - <= H077646`

Weaknesses (CWE)

CWE-319

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

References

https://blog.rapid7.com/2019/08/01/r7-2019-18-multiple-hickory-smart-lock-vulnerabilities/

x_refsource_MISC

https://hickoryhardware.com/products/hickory-smart-ethernet-bridge?variant=20882150228086

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-5635

Description

Affected Products

Weaknesses (CWE)

CVSS v3.0 Details

References