CVE-2022-32509

2024-05-1410:43:42

[email protected]

web.nvd.nist.gov

cve-2022-32509

nuki home solutions

http communications

data interception

data tampering

nuki smart lock 3.0

nuki bridge v1

nuki bridge v2

6.6 Medium

AI Score

Confidence

Low

0 Low

EPSS

Percentile

0.0%

JSON

An issue was discovered on certain Nuki Home Solutions devices. Lack of certificate validation on HTTP communications allows attackers to intercept and tamper data. This affects Nuki Smart Lock 3.0 before 3.3.5, Nuki Bridge v1 before 1.22.0 and Nuki Bridge v2 before 2.13.2.

References

latesthackingnews.com/2022/07/28/multiple-security-flaws-found-in-nuki-smart-locks/

nuki.io/en/security-updates/

research.nccgroup.com/2022/07/25/technical-advisory-multiple-vulnerabilities-in-nuki-smart-locks-cve-2022-32509-cve-2022-32504-cve-2022-32502-cve-2022-32507-cve-2022-32503-cve-2022-32510-cve-2022-32506-cve-2022-32508-cve-2/

www.hackread.com/nuki-smart-locks-vulnerabilities-plethora-attack-options/