31 matches found
CVE-2019-12942
TTLock devices do not properly block guest access in certain situations where the network connection to the cloud is unavailable...
EUVD-2019-4519
Malware in sbrugna...
EUVD-2019-4518
Malware in sbrugna...
CVE-2019-12943
TTLock devices do not properly restrict password-reset attempts, leading to incorrect access control and disclosure of sensitive information about valid account names...
CVE-2023-7005
A specially crafted message can be sent to the TTLock App that downgrades the encryption protocol used for communication, and can be utilized to compromise the lock, such as through revealing the unlockKey field...
CVE-2023-7005 CVE-2023-7005
A specially crafted message can be sent to the TTLock App that downgrades the encryption protocol used for communication, and can be utilized to compromise the lock, such as through revealing the unlockKey field...
CVE-2023-7005
CVE-2023-7005 affects the TTLock ecosystem (TTLock App and Sciener firmware components) with a flaw where a specially crafted message to the TTLock App downgrades the cryptographic protocol used for communication and can disclose the unlockKey. The vulnerability is tied to how the app/lock pairin...
CVE-2023-7005 CVE-2023-7005
A specially crafted message can be sent to the TTLock App that downgrades the encryption protocol used for communication, and can be utilized to compromise the lock, such as through revealing the unlockKey field...
TTLock Security Vulnerability
TTLock is a smart lock application from TTLock, Inc. A security vulnerability exists in TTLock in which the cryptographic protocol used for communication can be downgraded, which can be used to compromise a lock, such as by revealing the unlockKey field...
CVE-2023-6960
TTLock App virtual keys and settings are only deleted client side, and if preserved, can access the lock after intended deletion...
CVE-2023-7004
The TTLock App does not employ proper verification procedures to ensure that it is communicating with the expected device, allowing for connection to a device that spoofs the MAC address of a lock, which compromises the legitimate lock's integrity...
CVE-2023-6960 CVE-2023-6960
TTLock App virtual keys and settings are only deleted client side, and if preserved, can access the lock after intended deletion...
CVE-2023-6960 CVE-2023-6960
TTLock App virtual keys and settings are only deleted client side, and if preserved, can access the lock after intended deletion...
CVE-2023-6960
CVE-2023-6960 affects TTLock App and Sciener firmware in Kontrol Lux/Gateway G2 and TTLock App environments. Root cause: virtual keys and settings created/managed by the TTLock App are deleted only on the client side, leaving key information persisted on the lock itself; if preserved, these keys ...
CVE-2023-7004 CVE-2023-7004
The TTLock App does not employ proper verification procedures to ensure that it is communicating with the expected device, allowing for connection to a device that spoofs the MAC address of a lock, which compromises the legitimate lock's integrity...
CVE-2023-7004 CVE-2023-7004
The TTLock App does not employ proper verification procedures to ensure that it is communicating with the expected device, allowing for connection to a device that spoofs the MAC address of a lock, which compromises the legitimate lock's integrity...
CVE-2023-7004
CVE-2023-7004 affects the TTLock ecosystem (TTLock App and related Sciener firmware) with a root cause of insufficient verification to prove device identity, enabling a device that spoofs a lock’s MAC address to connect and compromise the unlockKey, affecting lock integrity. Reported by multiple ...
TTLock Security Vulnerability
TTLock is a smart lock. The TTLock App suffers from a security vulnerability that stems from virtual keys and settings being deleted only on the client side, allowing an attacker to access the lock after deletion...
TTLock Security Vulnerability
TTLock is a smart lock. A security vulnerability exists in the TTLock App that stems from not having proper authentication procedures in place to ensure proper device communication, resulting in an attacker being able to connect to a device with a spoofed MAC address, leading to a compromise of t...
Sciener firmware locks and associated devices are vulnerable to encryption downgrade and arbitrary file upload attacks
Overview: Sciener is a company that develops software and hardware for electronic locks that are marketed under many different brands. Their hardware works in tandem with an app, called the TTLock app, which is also produced by Sciener. The TTLock app utilizes Bluetooth connections to connect to...