Medium severity5.3NVD Advisory· Published Jun 20, 2017· Updated May 13, 2026

CVE-2017-3215

Description

The Milwaukee ONE-KEY Android mobile application uses bearer tokens with an expiration of one year. This bearer token, in combination with a user_id can be used to perform user actions.

Affected products

Milwaukee/One Key
cpe:2.3:a:milwaukee:one-key:*:*:*:*:*:android:*:*
Milwaukee Tool/ONE-KEYv5
Range: unspecified

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

duo.com/blog/bug-hunting-drilling-into-the-internet-of-things-iotnvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000