01.01.43

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

belwith-keeler

CWE-922

NVD

Published: 2019-08-22

Updated: 2020-10-16

Summary

An insecure storage of sensitive information vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC. The application's database was found to contain information that could be used to control the lock devices remotely. This issue affects Hickory Smart for Android, version 01.01.43 and prior versions.

Vulnerable Configurations

Part	Description	Count
Application	Belwith-Keeler Belwith Keeler Hickory Smart 01.01.40 Belwith Keeler Hickory Smart 01.01.43	2

Common Weakness Enumeration (CWE)

CWE-922 - Insecure Storage of Sensitive Information

References

https://blog.rapid7.com/2019/08/01/r7-2019-18-multiple-hickory-smart-lock-vulnerabilities/
https://play.google.com/store/apps/details?id=com.belwith.hickorysmart&hl=en_US