Lucene search

K
vulnrichmentMitreVULNRICHMENT:CVE-2022-32507
HistoryJan 01, 1976 - 12:00 a.m.

CVE-2022-32507

1976-01-0100:00:00
mitre
github.com
2

AI Score

7.2

Confidence

Low

SSVC

Exploitation

poc

Automatable

no

Technical Impact

total

An issue was discovered on certain Nuki Home Solutions devices. Some BLE commands, which should have been designed to be only called from privileged accounts, could also be called from unprivileged accounts. This demonstrates that no access controls were implemented for the different BLE commands across the different accounts. This affects Nuki Smart Lock 3.0 before 3.3.5 and Nuki Smart Lock 2.0 before 2.12.4.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:nuki:smart_lock_v3_pro:*:*:*:*:*:*:*:*"
    ],
    "vendor": "nuki",
    "product": "smart_lock_v3_pro",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "3.3.5",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:a:nuki:smart_lock_v2:*:*:*:*:*:*:*:*"
    ],
    "vendor": "nuki",
    "product": "smart_lock_v2",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "2.12.4",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

AI Score

7.2

Confidence

Low

SSVC

Exploitation

poc

Automatable

no

Technical Impact

total

Related for VULNRICHMENT:CVE-2022-32507