CVE-2022-32503

1976-01-0100:00:00

mitre

github.com

AI Score

6.7

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

An issue was discovered on certain Nuki Home Solutions devices. An attacker with physical access to this JTAG port may be able to connect to the device and bypass both hardware and software security protections. This affects Nuki Keypad before 1.9.2 and Nuki Fob before 1.8.1.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:nuki:keypad:*:*:*:*:*:*:*:*"
    ],
    "vendor": "nuki",
    "product": "keypad",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "1.9.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:a:nuki:fob:*:*:*:*:*:*:*:*"
    ],
    "vendor": "nuki",
    "product": "fob",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "1.8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

latesthackingnews.com/2022/07/28/multiple-security-flaws-found-in-nuki-smart-locks/

nuki.io/en/security-updates/

research.nccgroup.com/2022/07/25/technical-advisory-multiple-vulnerabilities-in-nuki-smart-locks-cve-2022-32509-cve-2022-32504-cve-2022-32502-cve-2022-32507-cve-2022-32503-cve-2022-32510-cve-2022-32506-cve-2022-32508-cve-2/

www.hackread.com/nuki-smart-locks-vulnerabilities-plethora-attack-options/