漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Hickory Smart Lock Insecure Logging on Android
Vulnerability Description
An inclusion of sensitive information in log files vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC. Communications to the internet API services and direct connections to the lock via Bluetooth Low Energy (BLE) from the mobile application are logged in a debug log on the Android device at HickorySmartLog/Logs/SRDeviceLog.txt. This information was found stored in the Android device's default USB or SDcard storage paths and is accessible without rooting the device. This issue affects Hickory Smart for Android, version 01.01.43 and prior versions.
CVSS Information
N/A
Vulnerability Type
通过日志文件的信息暴露
Vulnerability Title
Belwith Products Hickory Smart for Android 日志信息泄露漏洞
Vulnerability Description
Belwith Products Hickory Smart for Android是一款基于Android平台的智能锁应用程序。 Belwith Products Hickory Smart for Android 01.01.43及之前版本中存在日志信息泄露漏洞,该漏洞源于程序将对网络API服务的通信及对通过Bluetooth Low Energy直接连接到智能锁的链接信息存储在了默认的USB或Sdcard存储路径,而此信息无需root设备便可直接访问。攻击者可利用该漏洞访问这些信息。
CVSS Information
N/A
Vulnerability Type
N/A