### [CVE-2019-17098](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17098)
![](https://img.shields.io/static/v1?label=Product&message=Connect%20Firmware&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Smart%20Lock%20and%20Connect%20Wi-Fi%20Bridge%20App&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%3D%202.2.12%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=%3C%3D%20v10.11.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-321%20Use%20of%20Hard-coded%20Cryptographic%20Key&color=brighgreen)

### Description

Use of hard-coded cryptographic key vulnerability in August Connect Wi-Fi Bridge App, Connect Firmware allows an attacker to decrypt an intercepted payload containing the Wi-Fi network authentication credentials. This issue affects: August Connect Wi-Fi Bridge App version v10.11.0 and prior versions on Android. August Connect Firmware version 2.2.12 and prior versions.

### POC

#### Reference
- https://labs.bitdefender.com/2020/08/smart-locks-not-so-smart-with-wi-fi-security/
- https://labs.bitdefender.com/2020/08/smart-locks-not-so-smart-with-wi-fi-security/

#### Github
No PoCs found on GitHub currently.