Find, fix and prevent vulnerabilities in your applications, infrastructure and computers.

CVE-2019-11334 Summary

An authentication bypass in website post requests in the Tzumi Electronics Klic Lock application 1.0.9 for mobile devices allows attackers to access resources (that are not otherwise accessible without proper authentication) via capture-replay. Physically proximate attackers can use this information to unlock unauthorized Tzumi Electronics Klic Smart Padlock Model 5686 Firmware 6.2.

  • Published Date: Tuesday 11th of June 2019
  • Modified Date: Friday 14th of June 2019
    • CVSSv2 Data: AV:N/AC:M/Au:N/C:P/I:N/A:N
      • Access Vector: NETWORK
      • Access Complexity: MEDIUM
      • Authentication Required: NONE
      • Confidentiality Impact: PARTIAL
      • Integrity Impact: NONE
      • Availability Impact: NONE
    • CVSSv3 Data: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
      • Attack Vector: NETWORK
      • Attack Complexity: HIGH
      • Privileges Required: NONE
      • User Interaction: NONE
      • Scope: UNCHANGED
      • Confidentiality Impact: LOW
      • Integrity Impact: NONE
      • Availability Impact: NONE
    • Common Weakness Enumeration (CWE): CWE-287
    • CVSSv2 Score: 4.3/10
    • CVSSv3 Score: 3.7/10
    • CVSSv3 Base Severity: LOW
    • Common Platform Enumeration (CPE) Affected:
      • tzumi:klic_lock
      • tzumi:klic_smart_padlock_model_5686_firmware
    • Common Platform Enumeration (CPE) List:
      • tzumi:klic_lock
      • tzumi:klic_smart_padlock_model_5686_firmware
      • tzumi:klic_smart_padlock_model_5686
    • Reference:

    Mageni Vulnerability Platform Features

    Mageni's Platform provides the features to help you find, prioritize, remediate and manage the vulnerabilities.

    Vulnerability Scanning

    Vulnerability scanning is the process in which vulnerabilities in IT assets are identified. Mageni's Platform can help you to identify the vulnerabilities in your IT environment.

    • Vulnerability detection: CVE, CPE, CVSS, OVAL
    • Network scans: WMI, LDAP, HTTP, SMB, SSH, TCP, UDP, and more.
    • Scan Policies compliant with PCI DSS, NIST, ISO 27001
    • Network integration: SMTP (Email), SNMP, SysLog, LDAP, NTP, DHCP, IPv4/IPv6
    ...

    Vulnerability Management

    Vulnerability management is the "cyclical practice of identifying, classifying, prioritizing, remediating, and mitigating" software vulnerabilities and is integral to computer security and network security. Mageni's Platform can help you to:

    • Classify the vulnerabilities
    • Prioritize the remediation
    • Mitigate the vulnerabilities
    • Reduce false positives and false negatives
    ...

    An efficient remediaton workflow

    Using the CVSS (Common Vulnerability Scoring System) which is the standard for security rating and scoring of the vulnerabilities, Mageni's Platform can help you remediate and mitigate the vulnerabilities in a timely fashion.

    • Create and assign tickets
    • Comment the vulnerabilities to insert notes
    • Override the score and results
    • Find the proactively closed vulnerabilities
    ...

    Increase security efficiency and intelligence

    With powerful dashboards that processes and analyzes the security vulnerabilities providing a central and customizable location for users to access, interact and analyze up-to-date security information you can make smarter, data-driven decisions. On the dashboard, you can:

    • Add, remove and customize the dashboard.
    • Access to the most fresh vulnerability data.
    • Prioritize the remediation of your vulnerabilities.
    • Focus on the most important vulnerabilities.
    ...

    A complete vulnerability database

    The platform ships with a complete and thorough vulnerability assessment database. Through its auto-update system, it continuously kept up-to-date with information about newly released security updates making easier for you to keep track of the latest vulnerabilities that affect your infrastructure.

    • More than 66,200 vulnerability scanning plugins
    • More than 355,875 CPE (Common Platform Enumeration)
    • More than 123,629 CVE (Common Vulnerabilities and Exposures)
    • More than 28,175 OVAL (Open Vulnerability and Assessment Language).
    ...

    Download Mageni Vulnerability Platform

    Mageni provides a free vulnerability scanning and management platform which helps you need to find, prioritize, remediate and manage the vulnerabilities.