Description
An insecure storage of sensitive information vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC. The application's database was found to contain information that could be used to control the lock devices remotely. This issue affects Hickory Smart for Android, version 01.01.43 and prior versions.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://blog.rapid7.com/2019/08/01/r7-2019-18-multiple-hickory-smart-lock-vulnerabilities/
Product x_refsource_misc
https://play.google.com/store/apps/details?id=com.belwith.hickorysmart&hl=en_US
Scores
CVSS v3
5.5
EPSS
0.0035
EPSS Percentile
26.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-922
Status
published
Products (1)
belwith-keeler/hickory_smart
< 01.01.43
Published
Aug 22, 2019
Tracked Since
Feb 18, 2026