Lucene search
+L

96 matches found

osv
osv
added 2019/08/06 6:15 p.m.3 views

CVE-2019-13143

An HTTP parameter pollution issue was discovered on Shenzhen Dragon Brothers Fingerprint Bluetooth Round Padlock FB50 2.3. With the user ID, user name, and the lock's MAC address, anyone can unbind the existing owner of the lock, and bind themselves instead. This leads to complete takeover of the...

9.8CVSS5.8AI score0.03061EPSS
Exploits1References1
nvd
nvd
added 2019/08/06 6:15 p.m.24 views

CVE-2019-13143

An HTTP parameter pollution issue was discovered on Shenzhen Dragon Brothers Fingerprint Bluetooth Round Padlock FB50 2.3. With the user ID, user name, and the lock's MAC address, anyone can unbind the existing owner of the lock, and bind themselves instead. This leads to complete takeover of the...

9.8CVSS9AI score0.03061EPSS
Exploits1References1
attackerkb
attackerkb
added 2019/08/06 6:15 p.m.1 views

CVE-2019-13143

An HTTP parameter pollution issue was discovered on Shenzhen Dragon Brothers Fingerprint Bluetooth Round Padlock FB50 2.3. With the user ID, user name, and the lock's MAC address, anyone can unbind the existing owner of the lock, and bind themselves instead. This leads to complete takeover of the...

9.8CVSS5.6AI score0.03061EPSS
Exploits1References3
prion
prion
added 2019/08/06 6:15 p.m.15 views

Buffer overflow

An HTTP parameter pollution issue was discovered on Shenzhen Dragon Brothers Fingerprint Bluetooth Round Padlock FB50 2.3. With the user ID, user name, and the lock's MAC address, anyone can unbind the existing owner of the lock, and bind themselves instead. This leads to complete takeover of the...

9CVSS8.7AI score0.03061EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2019/08/06 5:38 p.m.23 views

CVE-2019-13143

An HTTP parameter pollution issue was discovered on Shenzhen Dragon Brothers Fingerprint Bluetooth Round Padlock FB50 2.3. With the user ID, user name, and the lock's MAC address, anyone can unbind the existing owner of the lock, and bind themselves instead. This leads to complete takeover of the...

9AI score0.03061EPSS
Exploits1References1
cve
cve
added 2019/08/06 5:38 p.m.47 views

CVE-2019-13143

CVE-2019-13143 affects Shenzhen Dragon Brothers Fingerprint Bluetooth Round Padlock FB50 v2.3. The issue is an HTTP parameter pollution vulnerability that allows an attacker to unbind the current lock owner and bind themselves using the user ID, user name, and the lock MAC address exposed via And...

9.8CVSS8.9AI score0.03061EPSS
Exploits1References1Affected Software1
prion
prion
added 2019/06/11 6:29 p.m.11 views

Authentication flaw

An authentication bypass in website post requests in the Tzumi Electronics Klic Lock application 1.0.9 for mobile devices allows attackers to access resources that are not otherwise accessible without proper authentication via capture-replay. Physically proximate attackers can use this informatio...

4.3CVSS4.4AI score0.01588EPSS
Exploits2References2Affected Software2
osv
osv
added 2019/06/11 6:29 p.m.4 views

CVE-2019-11334

An authentication bypass in website post requests in the Tzumi Electronics Klic Lock application 1.0.9 for mobile devices allows attackers to access resources that are not otherwise accessible without proper authentication via capture-replay. Physically proximate attackers can use this informatio...

3.7CVSS5.8AI score0.01588EPSS
Exploits2References2
cvelist
cvelist
added 2019/06/11 5:43 p.m.29 views

CVE-2019-11334

An authentication bypass in website post requests in the Tzumi Electronics Klic Lock application 1.0.9 for mobile devices allows attackers to access resources that are not otherwise accessible without proper authentication via capture-replay. Physically proximate attackers can use this informatio...

4.3AI score0.01588EPSS
Exploits2References2
cve
cve
added 2019/06/11 5:43 p.m.104 views

CVE-2019-11334

The CVE-2019-11334 issue is an authentication bypass in the Tzumi Electronics Klic Lock ecosystem. The vulnerability affects the Klic Lock mobile app (version 1.0.9) and the Klic Smart Padlock (Firmware 6.2). Attackers can exploit capture-replay of website POST requests to access resources that s...

4.3CVSS4.4AI score0.01588EPSS
Exploits2References2Affected Software1
ptsecurity
ptsecurity
added 2019/06/11 12:0 a.m.5 views

PT-2019-12246 · Tzumi Electronics · Klic Lock +1

Name of the Vulnerable Software and Affected Versions: Tzumi Electronics Klic Lock application version 1.0.9 Tzumi Electronics Klic Smart Padlock Model 5686 Firmware 6.2 Description: The issue allows attackers to bypass authentication in website post requests, enabling them to access resources th...

4.3CVSS4.3AI score0.01588EPSS
Exploits2References3
pentestpartners
pentestpartners
added 2019/05/24 11:58 a.m.137 views

Pwning the Nokelock API

Nokelock Vulnerabilities I’ve been talking at some Infosec meet ups about a certain padlock, called the Nokelock. I need to differentiate this right now as there is a product called nokē, this is not about that. This is about a set of Chinese made padlocks called Nokelock from a company called...

4.3CVSS5.7AI score0.01588EPSS
Exploits2
trellix
trellix
added 2019/02/25 12:0 a.m.8 views

What’s in the Box?

ARCHIVED STORY What’s in the Box? By Sam Quinn · February 25, 2019 2018 was another record-setting year in the continuing trend for consumer online shopping. With an increase in technology and efficiency, and a decrease in cost and shipping time, consumers have clearly made a statement that...

7.5AI score
Exploits0
trellix
trellix
added 2019/02/25 12:0 a.m.16 views

What’s in the Box?

ARCHIVED STORY What’s in the Box? By Sam Quinn · February 25, 2019 2018 was another record-setting year in the continuing trend for consumer online shopping. With an increase in technology and efficiency, and a decrease in cost and shipping time, consumers have clearly made a statement that...

7.5AI score
Exploits0
pentestpartners
pentestpartners
added 2019/02/18 11:46 a.m.68 views

Different ‘smart’ lock, similar security issues

I was looking through Amazon and found this padlock at the cheaper end of the scale. For twenty of my well-earnt English pounds I could become the owner of a new and shiny SLOK lock. Image credit: Amazon It can be unlocked by BLE and can be shared to others, what could I do but buy one and revers...

6.7AI score
Exploits0
krebs
krebs
added 2018/11/26 2:57 p.m.60 views

Half of all Phishing Sites Now Have the Padlock

Maybe you were once advised to "look for the padlock" as a means of telling legitimate e-commerce sites from phishing or malware traps. Unfortunately, this has never been more useless advice. New research indicates that half of all phishing scams are now hosted on Web sites whose Internet address...

6.7AI score
Exploits0
krebs
krebs
added 2018/11/23 11:24 p.m.76 views

How to Shop Online Like a Security Pro

'Tis the season when even those who know a thing or two about Internet scams tend to let down their guard in the face of an eye-popping discount or the stress of last-minute holiday shopping. So here's a quick refresher course on how to make it through the next few weeks without getting snookered...

6.8AI score
Exploits0
pentestpartners
pentestpartners
added 2018/06/22 3:0 p.m.57 views

Hardware reverse engineering. A tale from the workbench

In line with our previous work on the Tapplock, I decided to have some fun with some electronic locks and ordered a few from a large retail company. Half of these are currently en route to me, on the slowboat from China, but one arrived early. Before I state, let me just say here that I’m not...

6.7AI score
Exploits0
malwarebytes
malwarebytes
added 2018/05/14 5:18 p.m.57 views

A week in security (May 7 – May 13)

Last week on Labs, we looked at the case of a fake Android AV, an annoying adware that goes by the name of Kuik, the return of threat actors behind the Shopper Stop tech scam, a new Netflix phishing scam, the recent zero-day vulnerability in Internet Explorer, and the insufficiency of merely...

7.4AI score
Exploits0
malwarebytes
malwarebytes
added 2017/09/22 5:32 p.m.136 views

Netflix scam warning

Always be on your toes While we are used to receiving scam attempts pretending to be from banks, online shops, credit card companies, and international courier services that does not mean all the other emails are safe. Far from it. To demonstrate this point we will show you a scam aimed at Netfli...

6.5AI score
Exploits0
Rows per page
Query Builder