Improper Authentication in Vandy Vape and Swell Kit Mod - CVE-2019-16518

 


Published: September 24, 2019


Vulnerability identifier: #VU21305
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2019-16518
CWE-ID: CWE-287
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Vandyvape Technology
Affected software:
Vandy Vape
Swell Kit Mod

Detailed vulnerability description

The vulnerability allows a local attacker to bypass the authentication process.

The vulnerability exists due to an error in the Swell Kit Mod devices that use the Vandy Vape platform. A local attacker with physical access can trigger an unintended temperature in the victim's mouth and throat via Bluetooth Low Energy (BLE) packets that specify large power or voltage values.



How to mitigate CVE-2019-16518

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
