CVE-2019-17098 LOW

CVE-2019-17098: Use of Hard-coded Cryptographic Key vulnerability in August Connect Wi-Fi Bridge App

Vendor August
Product Smart Lock and Connect Wi-Fi Bridge App
Weakness CWE-321
Published September 30, 2020
Last update September 17, 2024

CVSS base score

3.5/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Use of hard-coded cryptographic key vulnerability in August Connect Wi-Fi Bridge App, Connect Firmware allows an attacker to decrypt an intercepted payload containing the Wi-Fi network authentication credentials. This issue affects: August Connect Wi-Fi Bridge App version v10.11.0 and prior versions on Android. August Connect Firmware version 2.2.12 and prior versions.

Key dates

02Disclosure timeline

September 30, 2020 CVE published
September 17, 2024 Record updated