CVE-2019-11334

LOW Year: 2019
CVSS v3 Score
3.7
Low
CVSS v2 Score
4.3
Medium
Weakness Type
CWE-294
View all →

Vulnerability Description

An authentication bypass in website post requests in the Tzumi Electronics Klic Lock application 1.0.9 for mobile devices allows attackers to access resources (that are not otherwise accessible without proper authentication) via capture-replay. Physically proximate attackers can use this information to unlock unauthorized Tzumi Electronics Klic Smart Padlock Model 5686 Firmware 6.2.

Related Vulnerabilities

CVE-2019-11856

LOW
CVSS:3.8(Low)

A nonce reuse vulnerability exists in the ACEView service of ALEOS before 4.13.0, 4.9.5, and 4.4.9 allowing message replay. Captured traffic to the ACEView service can be replayed to other gateways sh...

CWE-2942019

CVE-2019-5307

MEDIUM
CVSS:4.2(Medium)

Some Huawei 4G LTE devices, P30 versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) and P30 Pro versions before VOG-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), are exposed to a message replay v...

CWE-2942019

CVE-2024-39081

MEDIUM
CVSS:4.2(Medium)

An issue in SMART TYRE CAR & BIKE v4.2.0 allows attackers to perform a man-in-the-middle attack via Bluetooth communications.

CWE-2942024

CVE-2021-46835

MEDIUM
CVSS:4.3(Medium)

There is a traffic hijacking vulnerability in WS7200-10 11.0.2.13. Successful exploitation of this vulnerability can cause packets to be hijacked by attackers.

CWE-2942021

CVE-2024-38272

HIGH
CVSS:4.3(Medium)

There exists a vulnerability in Quick Share/Nearby, where an attacker can bypass the accept file dialog on Quick Share Windows. Normally in Quick Share Windows app we can't send a file without the use...

CWE-2942024

CVE-2023-20123

MEDIUM
CVSS:4.6(Medium)

A vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP could allow an unauthenticated, physical attacker to replay...

CWE-2942023