2 matches found
CVE-2022-32510
An issue in Nuki Bridge where the HTTP API admin interface was exposed over an unencrypted channel, allowing an attacker who can access the network to eavesdrop a token and impersonate a legitimate user to access the full API. Affected: Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2. Root caus...
CVE-2022-32510
An issue was discovered on certain Nuki Home Solutions devices. The HTTP API exposed by a Bridge used an unencrypted channel to provide an administrative interface. A token can be easily eavesdropped by a malicious actor to impersonate a legitimate user and gain access to the full set of API...