CVE-2019-5632

Description

An insecure storage of sensitive information vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC. The application's database was found to contain information that could be used to control the lock devices remotely. This issue affects Hickory Smart for Android, version 01.01.43 and prior versions.

CVSS breakdown

CVSS 3.0

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

Affected products

Belwith Products, LLC / Hickory Smartunspecified – 01.01.43

References

MISChttps://blog.rapid7.com/2019/08/01/r7-2019-18-multiple-hickory-smart-lock-vulnerabilities/
MISChttps://play.google.com/store/apps/details?id=com.belwith.hickorysmart&hl=en_US