CVE-2018-20958

Severity CVSS v4.0:
Pending analysis
Type:
CWE-200 Information Leak / Disclosure
Publication date:
07/08/2019
Last modified:
15/08/2019

Description

The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 relies on Key1 and SerialNo for unlock operations; however, these are derived from the MAC address, which is broadcasted by the device.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:tapplock:tapplock_firmware:*:*:*:*:*:*:*:* 2018-06-12 (excluding)
cpe:2.3:h:tapplock:tapplock:-:*:*:*:*:*:*:*