CVE-2022-46480

2023-12-0400:00:00

mitre

www.cve.org

cve-2022-46480

session management

credential re-use

bluetooth le

ultraloq ul3

smart lock

firmware

security vulnerability

AI Score

8.3

Confidence

High

EPSS

0.001

Percentile

21.5%

JSON

Incorrect Session Management and Credential Re-use in the Bluetooth LE stack of the Ultraloq UL3 2nd Gen Smart Lock Firmware 02.27.0012 allows an attacker to sniff the unlock code and unlock the device whilst within Bluetooth range.

References

arxiv.org/abs/2312.00021

www.researchgate.net/publication/375759408_Technical_Report_-_CVE-2022-46480_CVE-2023-26941_CVE-2023-26942_and_CVE-2023-26943#fullTextFileContent