31 matches found
PT-2024-15172 · Sciener · Sciener Firmware
Name of the Vulnerable Software and Affected Versions: TTLock App affected versions not specified Description: The issue arises from the TTLock App's failure to properly verify the device it is communicating with, allowing a device that spoofs the MAC address of a lock to connect and compromise t...
PT-2024-15173 · Unknown · Ttlock App
Name of the Vulnerable Software and Affected Versions: TTLock App affected versions not specified Description: A specially crafted message can be sent to the TTLock App that downgrades the encryption protocol used for communication, and can be utilized to compromise the lock, such as through...
Sceiner firmware locks and associated devices are vulnerable to encryption downgrade and arbitrary file upload attacks
Overview Sciener is a company that develops software and hardware for electronic locks that are marketed under many different brands. Their hardware works in tandem with an app, called the TTLock app, which is also produced by Sciener. The TTLock app utilizes Bluetooth connections to connect to...
CVE-2019-12943
TTLock devices do not properly restrict password-reset attempts, leading to incorrect access control and disclosure of sensitive information about valid account names...
CVE-2019-12942
TTLock devices do not properly block guest access in certain situations where the network connection to the cloud is unavailable...
Design/Logic Flaw
TTLock devices do not properly restrict password-reset attempts, leading to incorrect access control and disclosure of sensitive information about valid account names...
Design/Logic Flaw
TTLock devices do not properly block guest access in certain situations where the network connection to the cloud is unavailable...
CVE-2019-12943
The CVE-2019-12943 entry concerns TTLock devices where password-reset attempts are not properly restricted, causing incorrect access control and disclosure of valid account names. Affected product: TTLock devices. Root cause: insufficient restrictions on password-reset flow. Impact: potential acc...
CVE-2019-12943
TTLock devices do not properly restrict password-reset attempts, leading to incorrect access control and disclosure of sensitive information about valid account names...
CVE-2019-12942
TTLock devices are affected by CVE-2019-12942: guest access is not properly blocked in scenarios where the cloud network is unavailable. The available documents consistently reference TTLock devices and a failure to enforce access control when cloud connectivity is broken, with no concrete detail...
CVE-2019-12942
TTLock devices do not properly block guest access in certain situations where the network connection to the cloud is unavailable...