CVE-2023-7003

The AES key utilized in the pairing process between a lock using Sciener firmware and a wireless keypad is not unique, and can be reused to compromise other locks using the Sciener firmware...

CVE-2023-7003

The AES key utilized in the pairing process between a lock using Sciener firmware and a wireless keypad is not unique, and can be reused to compromise other locks using the Sciener firmware...

CVE-2023-7003 CVE-2023-7003

The AES key utilized in the pairing process between a lock using Sciener firmware and a wireless keypad is not unique, and can be reused to compromise other locks using the Sciener firmware...

CVE-2023-7003

The CVE-2023-7003 issue affects Sciener firmware-based locks where the AES key used in pairing with a wireless keypad is not unique, enabling the key to be reused across other Sciener locks and potentially compromising their security. Publicly documented sources (NVD/Red Hat/ CERT-family entries ...

CVE-2023-7003 CVE-2023-7003

The AES key utilized in the pairing process between a lock using Sciener firmware and a wireless keypad is not unique, and can be reused to compromise other locks using the Sciener firmware...

CVE-2023-7006 CVE-2023-7006

The unlockKey character in a lock using Sciener firmware can be brute forced through repeated challenge requests, compromising the locks integrity...

CVE-2023-7006 CVE-2023-7006

The unlockKey character in a lock using Sciener firmware can be brute forced through repeated challenge requests, compromising the locks integrity...

Sciener firmware security vulnerability

Sciener is a smart lock firmware from Sciener. The Sciener firmware has a security vulnerability that stems from the fact that the AES key for the pairing between the lock and the wireless keypad is not unique and can be reused...

PT-2024-15172 · Sciener · Sciener Firmware

Name of the Vulnerable Software and Affected Versions: TTLock App affected versions not specified Description: The issue arises from the TTLock App's failure to properly verify the device it is communicating with, allowing a device that spoofs the MAC address of a lock to connect and compromise t...

PT-2024-15174 · Kontrol +2 · Kontrol +3

Name of the Vulnerable Software and Affected Versions: Sciener firmware affected versions not specified Description: The issue concerns the unlockKey character in locks using Sciener firmware, which can be compromised through brute force attacks by sending repeated challenge requests. This affect...

PT-2024-15171 · Kontrol +2 · Kontrol +3

Name of the Vulnerable Software and Affected Versions: Sciener firmware affected versions not specified Description: The issue concerns the use of a non-unique AES key in the pairing process between locks using Sciener firmware and wireless keypads. This key can be reused, potentially compromisin...

PT-2024-15143 · Sciener · Sciener Firmware

Name of the Vulnerable Software and Affected Versions: TTLock App affected versions not specified Description: The TTLock App has an issue where virtual keys and settings are only deleted on the client side. If these deleted items are preserved, they can still be used to access the lock after the...