CVE-2022-46480

HIGH

8.1

Descricao

Incorrect Session Management and Credential Re-use in the Bluetooth LE stack of the Ultraloq UL3 2nd Gen Smart Lock Firmware 02.27.0012 allows an attacker to sniff the unlock code and unlock the device whilst within Bluetooth range.

Detalhes CVE

Pontuacao CVSS v3.18.1

SeveridadeHIGH

Vetor CVSSCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Vetor de ataqueADJACENT_NETWORK

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioNONE

Publicado12/5/2023

Ultima modificacao11/21/2024

Fontenvd

Avistamentos honeypot0

Produtos afetados

u-tec:ultraloq_ul3_btu-tec:ultraloq_ul3_bt_firmware

Fraquezas (CWE)

CWE-294CWE-384

Referencias

https://arxiv.org/abs/2312.00021(cve@mitre.org)

https://www.researchgate.net/publication/375759408_Technical_Report_-_CVE-2022-46480_CVE-2023-26941_CVE-2023-26942_and_CVE-2023-26943#fullTextFileContent(cve@mitre.org)

https://arxiv.org/abs/2312.00021(af854a3a-2127-422b-91ae-364da2661108)

https://www.researchgate.net/publication/375759408_Technical_Report_-_CVE-2022-46480_CVE-2023-26941_CVE-2023-26942_and_CVE-2023-26943#fullTextFileContent(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.