Sciener locks’ firmware update mechanism does not authenticate or validate firmware updates when they are passed to the lock through the Bluetooth Low Energy service. A challenge request can be sent to the lock with a command to prepare for an update, rather than an unlock request, allowing an attacker to compromise the device.
[
  {
    "vendor": "Sciener",
    "product": "Kontrol Lux",
    "versions": [
      {
        "status": "affected",
        "version": "6.5.x",
        "lessThanOrEqual": "6.5.07",
        "versionType": "custom"
      }
    ]
  }
]