Improper authentication in Vandy Vape platform
| Risk | Low |
| Patch available | NO |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2019-16518 |
| CWE-ID | CWE-287 |
| Exploitation vector | Local |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software Subscribe |
Vandy Vape Hardware solutions / Other hardware appliances Swell Kit Mod Hardware solutions / Firmware |
| Vendor | Vandyvape Technology |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Improper Authentication
EUVDB-ID: #VU21305
Risk: Low
CVSSv3.1: 2.3 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:U/RC:C]
CVE-ID: CVE-2019-16518
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to bypass authentication process.
The vulnerability exists due to an error in the Swell Kit Mod devices that use the Vandy Vape platform. A local attacker with physical access can trigger an unintended temperature in the victim's mouth and throat via Bluetooth Low Energy (BLE) packets that specify large power or voltage values.
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsVandy Vape: All versions
Swell Kit Mod: All versions
External linkshttp://gitlab.com/crypt0crc/cve-2019-16518
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
