CVE-2022-32509

2024-05-1410:43:42

[email protected]

web.nvd.nist.gov

cve-2022-32509

nuki smart lock

nuki bridge

data interception

certificate validation

6.8 Medium

AI Score

Confidence

Low

0 Low

EPSS

Percentile

0.0%

JSON

An issue was discovered on certain Nuki Home Solutions devices. Lack of certificate validation on HTTP communications allows attackers to intercept and tamper data. This affects Nuki Smart Lock 3.0 before 3.3.5, Nuki Bridge v1 before 1.22.0 and Nuki Bridge v2 before 2.13.2.

References

latesthackingnews.com/2022/07/28/multiple-security-flaws-found-in-nuki-smart-locks/

nuki.io/en/security-updates/

research.nccgroup.com/2022/07/25/technical-advisory-multiple-vulnerabilities-in-nuki-smart-locks-cve-2022-32509-cve-2022-32504-cve-2022-32502-cve-2022-32507-cve-2022-32503-cve-2022-32510-cve-2022-32506-cve-2022-32508-cve-2/

www.hackread.com/nuki-smart-locks-vulnerabilities-plethora-attack-options/