Search criteria
2 vulnerabilities found for Hickory Smart Ethernet Bridge by Belwith Products, LLC
CVE-2019-5635 (GCVE-0-2019-5635)
Vulnerability from cvelistv5 – Published: 2019-08-22 13:51 – Updated: 2024-09-16 20:07
VLAI?
Title
Hickory Smart Lock Cleartext Password
Summary
A cleartext transmission of sensitive information vulnerability is present in Hickory Smart Ethernet Bridge from Belwith Products, LLC. Captured data reveals that the Hickory Smart Ethernet Bridge device communicates over the network to an MQTT broker without using encryption. This exposed the default username and password used to authenticate to the MQTT broker. This issue affects Hickory Smart Ethernet Bridge, model number H077646. The firmware does not appear to contain versioning information.
Severity ?
6.5 (Medium)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Belwith Products, LLC | Hickory Smart Ethernet Bridge |
Affected:
unspecified , ≤ H077646
(custom)
|
Credits
This issue was discovered and reported by Deral Heiland of Rapid7. It has been disclosed in accordance with Rapid7's vulnerability disclosure policy (https://www.rapid7.com/disclosure/).
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:52.146Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.rapid7.com/2019/08/01/r7-2019-18-multiple-hickory-smart-lock-vulnerabilities/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hickoryhardware.com/products/hickory-smart-ethernet-bridge?variant=20882150228086"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hickory Smart Ethernet Bridge",
"vendor": "Belwith Products, LLC",
"versions": [
{
"lessThanOrEqual": "H077646",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered and reported by Deral Heiland of Rapid7. It has been disclosed in accordance with Rapid7\u0027s vulnerability disclosure policy (https://www.rapid7.com/disclosure/)."
}
],
"datePublic": "2019-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A cleartext transmission of sensitive information vulnerability is present in Hickory Smart Ethernet Bridge from Belwith Products, LLC. Captured data reveals that the Hickory Smart Ethernet Bridge device communicates over the network to an MQTT broker without using encryption. This exposed the default username and password used to authenticate to the MQTT broker. This issue affects Hickory Smart Ethernet Bridge, model number H077646. The firmware does not appear to contain versioning information."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319: Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-22T13:51:37",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.rapid7.com/2019/08/01/r7-2019-18-multiple-hickory-smart-lock-vulnerabilities/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hickoryhardware.com/products/hickory-smart-ethernet-bridge?variant=20882150228086"
}
],
"source": {
"advisory": "R7-2019-18.6",
"discovery": "INTERNAL"
},
"title": "Hickory Smart Lock Cleartext Password",
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2019-08-01T13:05:00.000Z",
"ID": "CVE-2019-5635",
"STATE": "PUBLIC",
"TITLE": "Hickory Smart Lock Cleartext Password"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hickory Smart Ethernet Bridge",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "H077646"
}
]
}
}
]
},
"vendor_name": "Belwith Products, LLC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered and reported by Deral Heiland of Rapid7. It has been disclosed in accordance with Rapid7\u0027s vulnerability disclosure policy (https://www.rapid7.com/disclosure/)."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cleartext transmission of sensitive information vulnerability is present in Hickory Smart Ethernet Bridge from Belwith Products, LLC. Captured data reveals that the Hickory Smart Ethernet Bridge device communicates over the network to an MQTT broker without using encryption. This exposed the default username and password used to authenticate to the MQTT broker. This issue affects Hickory Smart Ethernet Bridge, model number H077646. The firmware does not appear to contain versioning information."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319: Cleartext Transmission of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.rapid7.com/2019/08/01/r7-2019-18-multiple-hickory-smart-lock-vulnerabilities/",
"refsource": "MISC",
"url": "https://blog.rapid7.com/2019/08/01/r7-2019-18-multiple-hickory-smart-lock-vulnerabilities/"
},
{
"name": "https://hickoryhardware.com/products/hickory-smart-ethernet-bridge?variant=20882150228086",
"refsource": "MISC",
"url": "https://hickoryhardware.com/products/hickory-smart-ethernet-bridge?variant=20882150228086"
}
]
},
"source": {
"advisory": "R7-2019-18.6",
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2019-5635",
"datePublished": "2019-08-22T13:51:37.081035Z",
"dateReserved": "2019-01-07T00:00:00",
"dateUpdated": "2024-09-16T20:07:32.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5635 (GCVE-0-2019-5635)
Vulnerability from nvd – Published: 2019-08-22 13:51 – Updated: 2024-09-16 20:07
VLAI?
Title
Hickory Smart Lock Cleartext Password
Summary
A cleartext transmission of sensitive information vulnerability is present in Hickory Smart Ethernet Bridge from Belwith Products, LLC. Captured data reveals that the Hickory Smart Ethernet Bridge device communicates over the network to an MQTT broker without using encryption. This exposed the default username and password used to authenticate to the MQTT broker. This issue affects Hickory Smart Ethernet Bridge, model number H077646. The firmware does not appear to contain versioning information.
Severity ?
6.5 (Medium)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Belwith Products, LLC | Hickory Smart Ethernet Bridge |
Affected:
unspecified , ≤ H077646
(custom)
|
Credits
This issue was discovered and reported by Deral Heiland of Rapid7. It has been disclosed in accordance with Rapid7's vulnerability disclosure policy (https://www.rapid7.com/disclosure/).
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:52.146Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.rapid7.com/2019/08/01/r7-2019-18-multiple-hickory-smart-lock-vulnerabilities/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hickoryhardware.com/products/hickory-smart-ethernet-bridge?variant=20882150228086"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hickory Smart Ethernet Bridge",
"vendor": "Belwith Products, LLC",
"versions": [
{
"lessThanOrEqual": "H077646",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered and reported by Deral Heiland of Rapid7. It has been disclosed in accordance with Rapid7\u0027s vulnerability disclosure policy (https://www.rapid7.com/disclosure/)."
}
],
"datePublic": "2019-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A cleartext transmission of sensitive information vulnerability is present in Hickory Smart Ethernet Bridge from Belwith Products, LLC. Captured data reveals that the Hickory Smart Ethernet Bridge device communicates over the network to an MQTT broker without using encryption. This exposed the default username and password used to authenticate to the MQTT broker. This issue affects Hickory Smart Ethernet Bridge, model number H077646. The firmware does not appear to contain versioning information."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319: Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-22T13:51:37",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.rapid7.com/2019/08/01/r7-2019-18-multiple-hickory-smart-lock-vulnerabilities/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hickoryhardware.com/products/hickory-smart-ethernet-bridge?variant=20882150228086"
}
],
"source": {
"advisory": "R7-2019-18.6",
"discovery": "INTERNAL"
},
"title": "Hickory Smart Lock Cleartext Password",
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2019-08-01T13:05:00.000Z",
"ID": "CVE-2019-5635",
"STATE": "PUBLIC",
"TITLE": "Hickory Smart Lock Cleartext Password"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hickory Smart Ethernet Bridge",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "H077646"
}
]
}
}
]
},
"vendor_name": "Belwith Products, LLC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered and reported by Deral Heiland of Rapid7. It has been disclosed in accordance with Rapid7\u0027s vulnerability disclosure policy (https://www.rapid7.com/disclosure/)."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cleartext transmission of sensitive information vulnerability is present in Hickory Smart Ethernet Bridge from Belwith Products, LLC. Captured data reveals that the Hickory Smart Ethernet Bridge device communicates over the network to an MQTT broker without using encryption. This exposed the default username and password used to authenticate to the MQTT broker. This issue affects Hickory Smart Ethernet Bridge, model number H077646. The firmware does not appear to contain versioning information."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319: Cleartext Transmission of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.rapid7.com/2019/08/01/r7-2019-18-multiple-hickory-smart-lock-vulnerabilities/",
"refsource": "MISC",
"url": "https://blog.rapid7.com/2019/08/01/r7-2019-18-multiple-hickory-smart-lock-vulnerabilities/"
},
{
"name": "https://hickoryhardware.com/products/hickory-smart-ethernet-bridge?variant=20882150228086",
"refsource": "MISC",
"url": "https://hickoryhardware.com/products/hickory-smart-ethernet-bridge?variant=20882150228086"
}
]
},
"source": {
"advisory": "R7-2019-18.6",
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2019-5635",
"datePublished": "2019-08-22T13:51:37.081035Z",
"dateReserved": "2019-01-07T00:00:00",
"dateUpdated": "2024-09-16T20:07:32.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}