CVE-2023-7005
A specially crafted message can be sent to the TTLock App that downgrades the encryption protocol used for communication, and can be utilized to compromise the lock, such as through revealing the unlockKey field...
CVE-2023-7005
CVE-2023-7005 affects the TTLock ecosystem (TTLock App and Sciener firmware components) with a flaw where a specially crafted message to the TTLock App downgrades the cryptographic protocol used for communication and can disclose the unlockKey. The vulnerability is tied to how the app/lock pairin...
CVE-2023-7004
The TTLock App does not employ proper verification procedures to ensure that it is communicating with the expected device, allowing for connection to a device that spoofs the MAC address of a lock, which compromises the legitimate lock's integrity...
CVE-2023-6960
CVE-2023-6960 affects TTLock App and Sciener firmware in Kontrol Lux/Gateway G2 and TTLock App environments. Root cause: virtual keys and settings created/managed by the TTLock App are deleted only on the client side, leaving key information persisted on the lock itself; if preserved, these keys ...
PT-2024-15172 · Sciener · Sciener Firmware
Name of the Vulnerable Software and Affected Versions: TTLock App (affected versions not specified). Description: The issue arises from the TTLock App's failure to properly verify the device it is communicating with, allowing a device that spoofs the MAC address of a lock to connect and compromise t...
Sciener firmware locks and associated devices are vulnerable to encryption downgrade and arbitrary file upload attacks
Overview: Sciener is a company that develops software and hardware for electronic locks that are marketed under many different brands. Their hardware works in tandem with an app, called the TTLock app, which is also produced by Sciener. The TTLock app utilizes Bluetooth connections to connect to...
PT-2024-15174 · Kontrol +2 · Kontrol +3
Name of the Vulnerable Software and Affected Versions: Sciener firmware (affected versions not specified). Description: The issue concerns the unlockKey character in locks using Sciener firmware, which can be compromised through brute force attacks by sending repeated challenge requests. This affect...
PT-2024-15173 · Unknown · TTLock App
Name of the Vulnerable Software and Affected Versions: TTLock App (affected versions not specified). Description: A specially crafted message can be sent to the TTLock App that downgrades the encryption protocol used for communication, and can be utilized to compromise the lock, such as through...