Lucene search

MitreCVE-2022-32506

HistoryMay 14, 2024 - 10:43 a.m.

CVE-2022-32506

2024-05-1410:43:41

CWE-1263

mitre

web.nvd.nist.gov

nuki smart lock

nuki bridge

swd debug

firmware

flash memory

security vulnerability

physical access

CVSS3

6.4

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

Low

JSON

An issue was discovered on certain Nuki Home Solutions devices. An attacker with physical access to the circuit board could use the SWD debug features to control the execution of code on the processor and debug the firmware, as well as read or alter the content of the internal and external flash memory. This affects Nuki Smart Lock 3.0 before 3.3.5, Nuki Smart Lock 2.0 before 2.12.4, as well as Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2.

References

latesthackingnews.com/2022/07/28/multiple-security-flaws-found-in-nuki-smart-locks/

nuki.io/en/security-updates/

research.nccgroup.com/2022/07/25/technical-advisory-multiple-vulnerabilities-in-nuki-smart-locks-cve-2022-32509-cve-2022-32504-cve-2022-32502-cve-2022-32507-cve-2022-32503-cve-2022-32510-cve-2022-32506-cve-2022-32508-cve-2/

www.hackread.com/nuki-smart-locks-vulnerabilities-plethora-attack-options/

CVSS3

6.4

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

Low

JSON

Related for CVE-2022-32506