CVE-2018-20958

The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 relies on Key1 and SerialNo for unlock operations; however, these are derived from the MAC address, which is broadcasted by the device.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:tapplock:tapplock_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tapplock:tapplock:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-08-07 13:15

Updated : 2024-02-28 17:08


NVD link : CVE-2018-20958

Mitre link : CVE-2018-20958

CVE.ORG link : CVE-2018-20958


JSON object : View

Products Affected

tapplock

  • tapplock_firmware
  • tapplock
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor