CVE-2019-5014 MEDIUM

CVE-2019-5014

Vendor N/A

Product Winco Firefly

Weakness CWE-284

Published May 8, 2019

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Adjacent

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

An exploitable improper access control vulnerability exists in the bluetooth low energy functionality of Winco Fireworks FireFly FW-1007 V2.0. An attacker can connect to the device to trigger this vulnerability.

Key dates

02Disclosure timeline

May 8, 2019 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-5014 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/284.html

Related vulnerabilities

04Related CVE

CVE-2024-39274 Malicious remote can add users to arbitrary teams and channels CVE-2023-1883 Improper Access Control in thorsten/phpmyfaq CVE-2020-15279 Scanning exclusion paths disclosure in BEST for Windows CVE-2023-47110 Any value can be changed in the configuration table by an employee having access to block reassurance module CVE-2021-34627 WP Upload Restriction <= 2.2.3 - Missing Access Control in getSelectedMimeTypesByRole function