CVE-2019-5634— Hickory Smart Lock Insecure Logging on Android
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2019-5634
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Hickory Smart Lock Insecure Logging on Android
Source: NVD (National Vulnerability Database)
Vulnerability Description
An inclusion of sensitive information in log files vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC. Communications to the internet API services and direct connections to the lock via Bluetooth Low Energy (BLE) from the mobile application are logged in a debug log on the Android device at HickorySmartLog/Logs/SRDeviceLog.txt. This information was found stored in the Android device's default USB or SDcard storage paths and is accessible without rooting the device. This issue affects Hickory Smart for Android, version 01.01.43 and prior versions.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
通过日志文件的信息暴露
Source: NVD (National Vulnerability Database)
Vulnerability Title
Belwith Products Hickory Smart for Android 日志信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Belwith Products Hickory Smart for Android是一款基于Android平台的智能锁应用程序。 Belwith Products Hickory Smart for Android 01.01.43及之前版本中存在日志信息泄露漏洞,该漏洞源于程序将对网络API服务的通信及对通过Bluetooth Low Energy直接连接到智能锁的链接信息存储在了默认的USB或Sdcard存储路径,而此信息无需root设备便可直接访问。攻击者可利用该漏洞访问这些信息。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Belwith Products, LLC | Hickory Smart | unspecified ~ 01.01.43 | - |
II. Public POCs for CVE-2019-5634
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2019-5634
请登录查看更多情报信息。
Same Patch Batch · Belwith Products, LLC · 2019-08-22 · 4 CVEs total
| CVE-2019-5632 | Hickory Smart Lock Insecure Storage on Android | |
| CVE-2019-5633 | Hickory Smart Lock Insecure Storage on iOS | |
| CVE-2019-5635 | Hickory Smart Lock Cleartext Password |
IV. Related Vulnerabilities
Same weakness: CWE-532
- CVE-2026-42282
n8n-MCP: Sensitive MCP tool-call arguments logged on authent - CVE-2026-41495
n8n-MCP Logs Sensitive Request Data on Unauthorized /mcp Req - CVE-2026-41004
VMware Spring Cloud Config 日志信息泄露漏洞 - CVE-2024-30151
HCL BigFix Service Management (SM) is susceptible to Broken - CVE-2026-7824
PaperCut Hive (Ricoh): Plain text password in logs
V. Comments for CVE-2019-5634
No comments yet