Vulnerability Description
A cleartext transmission of sensitive information vulnerability is present in Hickory Smart Ethernet Bridge from Belwith Products, LLC. Captured data reveals that the Hickory Smart Ethernet Bridge device communicates over the network to an MQTT broker without using encryption. This exposed the default username and password used to authenticate to the MQTT broker. This issue affects Hickory Smart Ethernet Bridge, model number H077646. The firmware does not appear to contain versioning information.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Belwith-Keeler | Hickory Smart Ethernet Bridge Firmware | - |
| Belwith-Keeler | Hickory Smart Ethernet Bridge | - |
Related Weaknesses (CWE)
References
- https://blog.rapid7.com/2019/08/01/r7-2019-18-multiple-hickory-smart-lock-vulnerThird Party Advisory
- https://hickoryhardware.com/products/hickory-smart-ethernet-bridge?variant=20882Product
- https://blog.rapid7.com/2019/08/01/r7-2019-18-multiple-hickory-smart-lock-vulnerThird Party Advisory
- https://hickoryhardware.com/products/hickory-smart-ethernet-bridge?variant=20882Product
FAQ
What is CVE-2019-5635?
CVE-2019-5635 is a vulnerability with a CVSS score of 7.5 (HIGH). A cleartext transmission of sensitive information vulnerability is present in Hickory Smart Ethernet Bridge from Belwith Products, LLC. Captured data reveals that the Hickory Smart Ethernet Bridge dev...
How severe is CVE-2019-5635?
CVE-2019-5635 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-5635?
Check the references section above for vendor advisories and patch information. Affected products include: Belwith-Keeler Hickory Smart Ethernet Bridge Firmware, Belwith-Keeler Hickory Smart Ethernet Bridge.