CVE-2019-5014
MEDIUMWinco Fireworks FireFly FW-1007 V2.0 - Info Disclosure
Title source: llmDescription
An exploitable improper access control vulnerability exists in the bluetooth low energy functionality of Winco Fireworks FireFly FW-1007 V2.0. An attacker can connect to the device to trigger this vulnerability.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0772
Scores
CVSS v3
6.5
EPSS
0.0065
EPSS Percentile
46.2%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-284
CWE-306
Status
published
Products (1)
wincofireworks/fw-1007_firmware
2.0
Published
May 08, 2019
Tracked Since
Feb 18, 2026